VARIoT IoT vulnerabilities database
    | VAR-200901-0446 | CVE-2008-3865 | Trend Micro NSC Module firewall heap-based buffer overflow vulnerability | 
                                      
                                        CVSS V2: 10.0 CVSS V3: - Severity: High  | 
                            Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. 
Successful exploits may allow an attacker to crash an affected application, execute arbitrary code, or bypass security. 
These issues affect the following:
Trend Micro OfficeScan Corporate Edition 8.0 SP1 Patch 1
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008
Trend Micro PC-cillin Internet Security 2007. 
3) Missing authentication to the Trend Micro Personal Firewall
service (TmPfw.exe) listening on port 40000/TCP by default can be
exploited by any local user to manipulate the firewall configuration
via specially crafted packets regardless of whether password
restriction has been enabled for the configuration interface. 
The vulnerabilities are confirmed in versions 16.10.1063 and
16.10.1079. Other versions may also be affected. 
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-42/
http://secunia.com/secunia_research/2008-43/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities. 
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link. 
Secunia NEVER sends attached files with advisories. 
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. 
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
====================================================================== 
2) Severity 
Rating: Less critical
Impact: Denial of Service
	Privilege Escalation
Where:  Local system
====================================================================== 
3) Vendor's Description of Software 
"Trend Micro Internet Security provides smart, up-to-date protection
for your home network against present and future threats without
slowing down your PC.". 
These can be exploited by malicious, local users to cause a DoS 
(Denial of Service) or potentially gain escalated privileges. 
1) Input validation errors exist in the firewall service (TmPfw.exe) 
within the "ApiThread()" function when processing packets sent to the 
service (by default port 40000/TCP). These can be exploited to cause 
heap-based buffer overflows via specially crafted packets containing a
small value in a size field. 
2) Input validation errors exist in the firewall service (TmPfw.exe) 
within the "ApiThread()" function when processing packets sent to the
service (by default port 40000/TCP). These can be exploited to crash 
the service via specially crafted packets containing an overly large 
value in a size field. 
====================================================================== 
5) Solution 
Apply patch for OfficeScan 8.0 SP1 Patch 1. 
====================================================================== 
6) Time Table 
17/10/2008 - Vendor notified. 
18/10/2008 - Vendor response. 
14/12/2008 - Vendor provides hotfix for testing. 
19/12/2008 - Vendor informed that hotfix fixes vulnerabilities. 
18/01/2009 - Vendor issues fix for OfficeScan 8.0 SP1 Patch 1. 
20/01/2009 - Public disclosure. 
====================================================================== 
7) Credits 
Discovered by Carsten Eiram, Secunia Research. 
====================================================================== 
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned 
the following CVE identifiers:
* CVE-2008-3864 (DoS via large size value)
* CVE-2008-3865 (buffer overflow)
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
====================================================================== 
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security. 
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
====================================================================== 
10) Verification 
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-42/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
                        
| VAR-200901-0308 | CVE-2009-0270 | Fujitsu SystemcastWizard Lite of PXEService.exe Vulnerable to buffer overflow | 
                                      
                                        CVSS V2: 10.0 CVSS V3: - Severity: HIGH  | 
                            Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Fujitsu Systemcast Wizard Lite is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. 
Attackers can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions. 
Systemcast Wizard Lite 2.0A and prior are vulnerable. 
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Fujitsu SystemcastWizard Lite Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33594
VERIFY ADVISORY:
http://secunia.com/advisories/33594/
CRITICAL:
Moderately critical
IMPACT:
Exposure of system information, Exposure of sensitive information,
DoS, System access
WHERE:
From remote
SOFTWARE:
Fujitsu SystemcastWizard Lite 2.x
http://secunia.com/advisories/product/21065/
Fujitsu SystemcastWizard Lite 1.x
http://secunia.com/advisories/product/21064/
DESCRIPTION:
Some vulnerabilities have been reported in Fujitsu SystemcastWizard
Lite, which can be exploited by malicious people to disclose
sensitive information or to compromise a vulnerable system. 
Successful exploitation allows execution of arbitrary code. 
2) An input validation error in the TFTP service can be exploited to
download files from arbitrary locations via directory traversal
sequences. 
The vulnerabilities are reported in versions 2.0, 2.0A, and prior 1.x
versions. 
SOLUTION:
Apply vendor patch for versions after 1.6A. 
Reportedly, a patch for previous versions will be available later. 
PROVIDED AND/OR DISCOVERED BY:
1) Ruben Santamarta, Wintercore
2) Reported by the vendor. 
ORIGINAL ADVISORY:
Fujitsu:
http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html
Ruben Santamarta:
http://www.wintercore.com/advisories/advisory_W010109.html
                        
| VAR-200901-0402 | CVE-2008-5260 | AXIS Camera Control of CamImage.CamImage.1 ActiveX Control heap-based buffer overflow vulnerability | 
                                      
                                        CVSS V2: 9.3 CVSS V3: - Severity: HIGH  | 
                            Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.  Failed attacks will likely cause denial-of-service conditions. 
Axis Camera Control 2.40.0.0 is vulnerable; other versions may also be vulnerable. 
The vulnerability is confirmed in version 2.40.0.0. Prior versions
may also be affected. 
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-58/
Axis Communications:
http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf
====================================================================== 
2) Severity 
Rating: Highly critical
Impact: System compromise
Where:  Remote
====================================================================== 
3) Vendor's Description of Software 
"AXIS Camera Control (ActiveX component) makes it possible to view 
Motion JPEG video streams from an Axis Network Video product directly 
in Microsoft Development Tools and Microsoft Internet Explorer."
Product Link:
http://www.axis.com/techsup/software/acc/index.htm
====================================================================== 
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in AXIS Camera 
Control, which can be exploited by malicious people to compromise a
user's system. 
Successful exploitation allows execution of arbitrary code, but 
requires that the user is tricked into visiting and clicking a 
malicious web page. 
====================================================================== 
5) Solution 
The vendor recommends removing the ActiveX control and using 
AXIS Media Control as a replacement. 
====================================================================== 
6) Time Table 
09/01/2009 - Vendor notified. 
09/01/2009 - Vendor response. 
23/01/2009 - Public disclosure. 
====================================================================== 
7) Credits 
Discovered by Alin Rad Pop, Secunia Research. 
====================================================================== 
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-5260 for the vulnerability. 
====================================================================== 
10) Verification 
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-58/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
                        
| VAR-200901-0563 | No CVE | Multiple Sagem F@st Routers 'restoreinfo.cgi' Unauthorized Access Vulnerability | 
                                      
                                        CVSS V2: - CVSS V3: - Severity: -  | 
                            Multiple Sagem F@st routers are prone to an unauthorized-access vulnerability.
Attackers can exploit this issue to reset the router, possibly resulting in denial-of-service conditions. Other security implications that could aid in further attacks may also occur.
The following routers are affected:
Sagem F@st 1200
Sagem F@st 1240
Sagem F@st 1400
Sagem F@st 1400W
Sagem F@st 1500
Sagem F@st 1500-WG
Sagem F@st 2404
                        
| VAR-200905-0213 | CVE-2009-0897 | IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability | 
                                      
                                        CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM  | 
                            IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). IBM WebSphere Partner Gateway (WPG) is prone to an information-disclosure vulnerability. 
Exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. 
WPG 6.1.0 and 6.1.1 are vulnerable. WebSphere Partner Gateway is a centralized, integrated B2B trading partner and transaction management tool
                        
| VAR-200902-0034 | CVE-2009-0470 | Cisco IOS of HTTP Multiple cross-site scripting vulnerabilities in servers | 
                                      
                                        CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM  | 
                            Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. IOS is prone to a cross-site scripting vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party; for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. In addition, attackers can also perform administrative operations through cross-site request forgery attacks. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass. 
----------------------------------------------------------------------
TITLE:
Cisco IOS Cross-Site Scripting and Cross-Site Request Forgery
SECUNIA ADVISORY ID:
SA33844
VERIFY ADVISORY:
http://secunia.com/advisories/33844/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Cisco IOS 12.x
http://secunia.com/advisories/product/182/
Cisco IOS R12.x
http://secunia.com/advisories/product/50/
DESCRIPTION:
Zloss has reported some vulnerabilities in Cisco IOS, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks. 
1) Input passed via the URL when executing commands is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site. 
2) The device allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to potentially alter the
configuration of the device by tricking the user into visiting a
malicious web site. 
The vulnerabilities are reported in Cisco IOS firmware version
12.4(23). Other versions may also be affected. 
SOLUTION:
Filter malicious characters and character sequences in a proxy. 
Do not visit untrusted websites while being logged in to the device. 
PROVIDED AND/OR DISCOVERED BY:
Zloss
ORIGINAL ADVISORY:
http://packetstormsecurity.org/0902-exploits/cisco12423-xss.txt
                        
| VAR-200901-0449 | CVE-2008-3818 | Cisco ONS Control Card Remote Denial of Service Vulnerability | 
                                      
                                        CVSS V2: 7.8 CVSS V3: - Severity: HIGH  | 
                            Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session. Cisco ONS is prone to a denial-of-service vulnerability when handling specially crafted TCP traffic. 
An attacker can exploit this issue to cause the control cards in the affected devices to reload, denying service to legitimate users. 
The following devices are affected:
Cisco ONS 15310-CL and 15310-MA
Cisco ONS 15327
Cisco ONS 15454 and 15454 SDH
Cisco ONS 15600
This issue is being tracked by Cisco BugID CSCsr41128. 
Cisco Security Advisory: Cisco ONS Platform Crafted Packet
Vulnerability
Advisory ID: cisco-sa-20090114-ons
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
----------------------------------------------------------------------
Summary
=======
The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco
ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contains a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card. 
Cisco has released free software updates that address this
vulnerability. 
There are no workarounds that mitigate this vulnerability. Several
mitigations exist that can limit the exposure of this vulnerability. To determine your software
version, view the Help > About window on the CTC management
software). These control cards are usually connected to a
Data Communications Network (DCN). In this context the term DCN is
used to denote the network that transports management information
between a management station and the network entity (NE). This
definition of DCN is sometimes referred to as Management
Communication Network (MCN). The DCN is usually physically or
logically separated from the optical data network and isolated from
the Internet. This limits the exposure to the exploitation of this
vulnerability from the Internet. 
A crafted stream of TCP traffic to the control cards on a node will
result in a reset of the corresponding control cards on this node. A
complete 3-way handshake is required on any open TCP port to be able
to exploit this vulnerability. 
The timing for the data channels traversing the switch is provided by
the control cards. 
When an active and a standby Cisco ONS 15310-MA, ONS 15310-CL, ONS
15327, ONS 15454 or ONS 15454 SDH control card reloads at the same
time, the synchronous data channels traversing the switch drop
traffic until the card comes back online. Asynchronous data channels
traversing the switch are not impacted. Manageability functions
provided by the network element using the CTX, CTX2500, XTC or TCC/
TCC+/TCC2/TCC2P control cards are not available until the control
card comes back online. 
On the Cisco ONS 15600 hardware, whenever both the active and standby
control cards are rebooting at the same time, there is no impact to
the data channels traversing the switch because the TSC performs a
software reset which does not impact the timing being provided by the
TSC for the data channels. 
Manageability functions provided by the network element through the
TSC control cards are not available until the control card comes back
online. 
This vulnerability is documented in Cisco bug ID CSCsr41128 
and has been assigned Common Vulnerabilities and Exposures (CVE) 
identifier CVE-2008-3818. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CVSS Base Score - 7.8
  Access Vector         : Network
  Access Complexity     : Low
  Authentication        : None
  Confidentiality Impact: None
  Integrity Impact      : None
  Availability Impact   : Complete
CVSS Temporal Score - 6.4
  Exploitability        : Functional
  Remediation Level     : Official-Fix
  Report Confidence     : Confirmed
Impact
======
Successful exploitation of this vulnerability will result in a reset
of the node's control card. Repeated attempts to exploit this
vulnerability could result in a sustained DoS condition, dropping the
synchronous data channels traversing the switch (Cisco ONS 15310-MA,
ONS 15310-CL, ONS 15327, ONS 15454, ONS 15454 SDH) and preventing
manageability functions provided by the network element control cards
(all ONS switches) until the control card comes back online. 
Software Versions and Fixes
===========================
When considering software upgrades, also consult 
http://www.cisco.com/go/psirt and any subsequent advisories to 
determine exposure and a complete upgrade solution. 
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance. 
+-------------------------------------------------------------------------+
| Affected Major Release          | First Fixed Release                   |
|---------------------------------+---------------------------------------|
| 7.0                             | Note: Releases prior to 7.0.2 are not |
|                                 | vulnerable. First fixed in 7.0.7      |
|---------------------------------+---------------------------------------|
| 7.2                             | Note: Releases prior to 7.2.2 are not |
|                                 | vulnerable. First fixed in 7.2.3      |
|---------------------------------+---------------------------------------|
| 8.0                             | Vulnerable; migrate to 8.5.3 or       |
|                                 | later.                                |
|---------------------------------+---------------------------------------|
| 8.5                             | Note: Releases prior to 8.5.1 are not |
|                                 | vulnerable. First fixed in 8.5.3      |
|---------------------------------+---------------------------------------|
| 9.0                             | Not vulnerable.                       |
+-------------------------------------------------------------------------+
Note: Releases prior to 7.0 are not affected by this vulnerability. 
Workarounds
===========
There are no workarounds for this vulnerability. The following
general mitigation actions help prevent remote exploitation:
  * Isolate DCN:
    Ensuring the DCN is physically or logically separated from the
    customer network and isolated from the Internet will limit the
    exposure to the exploitation of these vulnerabilities from the
    Internet or customer networks. 
  * Apply Transit Access Control Lists:
    Apply access control lists (ACLs) on routers / switches /
    firewalls installed in front of the vulnerable network devices
    such that TCP/IP traffic destined for the CTX, CTX2500, XTC, TCC2
    /TCC2+/TCC2P, or TSC control cards on the ONS is allowed only
    from the network management workstations. 
    For examples on how to apply ACLs on Cisco routers, refer to the
    white paper "Transit Access Control Lists: Filtering at Your
    Edge", which is available at the following link: 
    http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link: 
http://www.cisco.com/warp/public/707/cisco-amb-20090114-ons.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment. 
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at 
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at 
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory. 
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed. 
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows. 
  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC. 
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized 
telephone numbers, and instructions and e-mail addresses for use in
various languages. 
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory. 
This vulnerability was found by reviewing Cisco TAC service requests. 
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates. 
Revision History
================
+---------------------------------------------------------+
| Revision 1.0 | 2009-January-14 | Initial public release |
+---------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at 
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco 
security notices. All Cisco security advisories are available at 
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkluC5MACgkQ86n/Gc8U/uCIiwCfb0TgaYDql8VEjtERKMaqgHOm
h0oAniEObgEKjHbo+CHnJxfFFKhCr17o
=7xLg
-----END PGP SIGNATURE-----
                        
| VAR-200901-0290 | CVE-2009-0053 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX of PXE Encryption Vulnerability in obtaining decryption key | 
                                      
                                        CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM  | 
                            PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error.". Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities. 
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
                         PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service. 
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users. 
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory. 
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
  * All PostX 6.2.1 versions prior to 6.2.1.1
  * All PostX 6.2.2 versions prior to 6.2.2.3
  * All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
  * All IronPort Encryption Appliance/PostX 6.2.5 versions
  * All IronPort Encryption Appliance/PostX 6.2.6 versions
  * All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
  * All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
  * All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface. 
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information. 
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable. 
No other Cisco products are currently known to be affected by these
vulnerabilities. 
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only. 
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message. 
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053. 
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054. 
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
The administration interface of IronPort Encryption Appliance devices
contains a cross-site request forgery (CSRF) vulnerability that could
allow an attacker to modify a user's IronPort Encryption Appliance
preferences, including their user name and personal security pass
phrase, if the user is logged into the IronPort Encryption Appliance
administration interface. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - None
    Availability Impact - None
CVSS Temporal Score - 5.9
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
    Access Vector - Network
    Access Complexity - High
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 5
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information. 
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to access user accounts on an IronPort Encryption Appliance
device, which could result in the modification of user preferences. 
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution. 
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory. 
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid. 
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate the phishing-style attacks; it is
available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization. 
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support. 
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory. 
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco. 
All other vulnerabilities were discovered by Cisco or reported by
customers. 
Status of this Notice: FINAL
============================
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Revision History
================
+---------------------------------------------------------+
| Revision 1.0 | 2009-January-14 | Initial public release |
+---------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks. 
3) The web-based administration interface allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to e.g. 
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
----------------------------------------------------------------------
                        
| VAR-200901-0291 | CVE-2009-0054 | Cisco IronPort Encryption Appliance of PXE Encryption and Cisco IronPort PostX Vulnerabilities in which authentication information is obtained | 
                                      
                                        CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM  | 
                            PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities. 
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
                         PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service. 
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users. 
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory. 
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
  * All PostX 6.2.1 versions prior to 6.2.1.1
  * All PostX 6.2.2 versions prior to 6.2.2.3
  * All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
  * All IronPort Encryption Appliance/PostX 6.2.5 versions
  * All IronPort Encryption Appliance/PostX 6.2.6 versions
  * All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
  * All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
  * All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface. 
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information. 
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable. 
No other Cisco products are currently known to be affected by these
vulnerabilities. 
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message. 
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053. 
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054. 
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
The administration interface of IronPort Encryption Appliance devices
contains a cross-site request forgery (CSRF) vulnerability that could
allow an attacker to modify a user's IronPort Encryption Appliance
preferences, including their user name and personal security pass
phrase, if the user is logged into the IronPort Encryption Appliance
administration interface. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - None
    Availability Impact - None
CVSS Temporal Score - 5.9
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
    Access Vector - Network
    Access Complexity - High
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 5
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information. 
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to access user accounts on an IronPort Encryption Appliance
device, which could result in the modification of user preferences. 
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution. 
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory. 
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid. 
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate the phishing-style attacks; it is
available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization. 
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support. 
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory. 
J.B. 
All other vulnerabilities were discovered by Cisco or reported by
customers. 
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates. 
Revision History
================
+---------------------------------------+
| Revision |                 | Initial  |
| 1.0      | 2009-January-14 | public   |
|          |                 | release  |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices. 
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks. 
3) The web-based administration interface allows users to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g. 
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
                        
| VAR-200901-0304 | CVE-2009-0055 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX Cross-site request forgery vulnerability in admin interface | 
                                      
                                        CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM  | 
                            Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors. 
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
                         PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service. 
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users. 
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory. 
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
  * All PostX 6.2.1 versions prior to 6.2.1.1
  * All PostX 6.2.2 versions prior to 6.2.2.3
  * All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
  * All IronPort Encryption Appliance/PostX 6.2.5 versions
  * All IronPort Encryption Appliance/PostX 6.2.6 versions
  * All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
  * All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
  * All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface. 
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information. 
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable. 
No other Cisco products are currently known to be affected by these
vulnerabilities. 
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only. 
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. 
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message. 
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053. 
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - None
    Availability Impact - None
CVSS Temporal Score - 5.9
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
    Access Vector - Network
    Access Complexity - High
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 5
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information. 
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution. 
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory. 
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid. 
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization. 
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support. 
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory. 
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco. 
All other vulnerabilities were discovered by Cisco or reported by
customers. 
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates. 
Revision History
================
+---------------------------------------+
| Revision |                 | Initial  |
| 1.0      | 2009-January-14 | public   |
|          |                 | release  |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices. 
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks. 
3) The web-based administration interface allows users to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g. 
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
                        
| VAR-200901-0305 | CVE-2009-0056 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX Cross-site request forgery vulnerability in admin interface | 
                                      
                                        CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM  | 
                            Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action. Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities. 
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
                         PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service. 
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users. 
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory. 
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
  * All PostX 6.2.1 versions prior to 6.2.1.1
  * All PostX 6.2.2 versions prior to 6.2.2.3
  * All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
  * All IronPort Encryption Appliance/PostX 6.2.5 versions
  * All IronPort Encryption Appliance/PostX 6.2.6 versions
  * All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
  * All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
  * All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface. 
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information. 
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable. 
No other Cisco products are currently known to be affected by these
vulnerabilities. 
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only. 
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. 
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message. 
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053. 
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - None
    Availability Impact - None
CVSS Temporal Score - 5.9
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
    Access Vector - Network
    Access Complexity - High
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 5
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - Partial
    Integrity Impact - Partial
    Availability Impact - None
CVSS Temporal Score - 4.8
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information. 
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution. 
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory. 
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid. 
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization. 
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support. 
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory. 
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco. 
All other vulnerabilities were discovered by Cisco or reported by
customers. 
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates. 
Revision History
================
+---------------------------------------+
| Revision |                 | Initial  |
| 1.0      | 2009-January-14 | public   |
|          |                 | release  |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices. 
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks. 
3) The web-based administration interface allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to e.g. 
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
                        
| VAR-200901-0448 | CVE-2008-3821 | Cisco IOS cross-site scripting vulnerability | Related entries in the VARIoT exploits database: VAR-E-200901-0317 | CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default. For more information, refer to the information provided by Cisco. NOBUHIRO TSUJI of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser.
These issues are tracked by Cisco bug IDs CSCsi13344 and CSCsr72301. 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The attacker may also perform cross-site request-forgery attacks on the same scripts and parameters. Other attacks may also be possible. This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party; for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details). 
PROVIDED AND/OR DISCOVERED BY:
1) Adrian Pastor and Richard J. Brain of ProCheckUp. 
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
ProCheckUp:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
JVN:
http://jvn.jp/en/jp/JVN28344798/index.html
ProCheckup has posted a Security Advisory
titled "XSS on Cisco IOS HTTP Server" at
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
Cisco would like to thank Adrian Pastor and Richard J. A system that contains the IOS HTTP server or HTTP secure
server, but does not have it enabled, is not affected. 
To determine if the HTTP server is running on your device, issue the
show ip http server status | include status and the show ip http
server secure status | include status commands at the prompt and look
for output similar to:
    Router#show ip http server status | include status
    HTTP server status: Enabled
    HTTP secure server status: Enabled
If the device is not running the HTTP server, you should see output
similar to:
    Router#show ip http server status | include status
    HTTP server status: Disabled
    HTTP secure server status: Disabled
These vulnerabilities are documented in the following Cisco bug IDs:
  * Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server 
    Special Characters are not escaped in URL strings sent to the
    HTTP server. 
  * Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter)
    Special Characters are not escaped in URL strings sent to the
    HTTP server, via the ping parameter. The ping parameter is used
    both by external applications such as Router and Security Device
    Manager (SDM) as well as a direct HTTP session to Cisco IOS http
    server. 
These vulnerabilities are independent of each other. These vulnerabilities have been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821. 
Workaround
+---------
If the HTTP server is not used for any legitimate purposes on the
device, it is a best practice to disable it by issuing the following
commands in configure mode:
    no ip http server
    no ip http secure-server
If the HTTP server is required, it is a recommended best practice to
restrict access to the HTTP server to trusted sources only. To control
which hosts can access the HTTP server, apply an access list to it
with the following command in global configuration mode:
    ip http access-class {access-list-number | access-list-name}
The following example shows an access list that allows only trusted
hosts to access the Cisco IOS HTTP server:
    ip access-list standard 20
    permit 192.168.1.0 0.0.0.255
    remark "Above is a trusted subnet"
    remark "Add further trusted subnets or hosts below"
    ! (Note: all other access implicitly denied)
    ! (Apply the access-list to the http server)
    ip http access-class 20
For additional information on configuring the Cisco IOS HTTP server,
consult Using the Cisco Web Browser User Interface. 
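The following is an added example, not part of the Cisco advisory: a Python audit that applies the workaround above to a saved configuration, reporting when the HTTP or HTTPS server is not explicitly disabled and is not restricted by an "ip http access-class" that points at a defined, non-open standard access list. The sample configurations are constructed, and the function names and finding codes are this example's own.

```python
import re

# Constructed sample configurations (not taken from any real device).
EXPOSED_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
"""

RESTRICTED_CONFIG = """\
hostname edge-rtr-02
no ip http server
ip http secure-server
ip http access-class 20
!
ip access-list standard 20
 permit 192.168.1.0 0.0.0.255
 remark "Above is a trusted subnet"
!
"""

OPEN_ACL_CONFIG = """\
hostname edge-rtr-03
ip http server
no ip http secure-server
ip http access-class 20
access-list 20 permit any
"""


def parse_standard_acls(config_text):
    """Return {acl_id: [entry, ...]} for named-block and numbered ACL syntax."""
    acls, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"ip access-list standard (\S+)$", line)
        if m:
            current = m.group(1)
            acls.setdefault(current, [])
            continue
        m = re.match(r"access-list (\d+) ((?:permit|deny) .+)$", line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2))
            current = None
            continue
        if current and re.match(r"(\d+ )?(permit|deny) ", line):
            # Drop an optional sequence number in front of the entry.
            acls[current].append(re.sub(r"^\d+ ", "", line))
        elif current and line.startswith("remark"):
            continue
        else:
            current = None  # any other line ends the ACL block
    return acls


def server_state(lines, keyword):
    """'enabled', 'disabled', or 'default' when no explicit line exists."""
    state = "default"
    for line in lines:
        if line == f"ip http {keyword}":
            state = "enabled"
        elif line == f"no ip http {keyword}":
            state = "disabled"
    return state


def permits_any(entry):
    """True for a standard-ACL entry that matches every source address."""
    tokens = entry.split()
    return (tokens[:2] == ["permit", "any"]
            or tokens[:3] == ["permit", "0.0.0.0", "255.255.255.255"])


def audit_http_server(config_text):
    """Return a list of (code, detail) findings; an empty list means OK."""
    lines = [l.strip() for l in config_text.splitlines()]
    states = {k: server_state(lines, k) for k in ("server", "secure-server")}
    if all(s == "disabled" for s in states.values()):
        return []  # both servers explicitly disabled
    findings = []
    for keyword, state in states.items():
        if state == "default":
            # Some releases enable the web interface by default, so a
            # missing line proves nothing; check the live status output.
            findings.append(("STATE_UNKNOWN",
                             f"no explicit 'ip http {keyword}' line; confirm "
                             "with 'show ip http server status'"))
    acl_ref = None
    for line in lines:
        m = re.match(r"ip http access-class (\S+)$", line)
        if m:
            acl_ref = m.group(1)
    if acl_ref is None:
        findings.append(("NO_ACCESS_CLASS", "HTTP server reachable from any host"))
        return findings
    entries = parse_standard_acls(config_text).get(acl_ref)
    if not entries:
        findings.append(("ACL_NOT_DEFINED",
                         f"access list {acl_ref} has no entries in this config"))
    elif any(permits_any(e) for e in entries):
        findings.append(("ACL_PERMITS_ANY",
                         f"access list {acl_ref} permits every source"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG),
                      ("restricted", RESTRICTED_CONFIG),
                      ("open-acl", OPEN_ACL_CONFIG)):
        print(name, audit_http_server(cfg) or "OK")
```

Only the "ip http access-class {access-list-number | access-list-name}" form shown in the advisory is parsed; a finding of STATE_UNKNOWN should be resolved on the device itself.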
For additional information on cross-site scripting attacks and the
methods used to exploit these vulnerabilities, please refer to the
Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting
(XSS) Threat Vectors", which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml
Further Problem Description
+--------------------------
This vulnerability concerns the escaping of characters in the URL that
is sent to the HTTP server. The fix for this
vulnerability is to escape special characters in the URL string
echoed in the response generated by the web exec application.
Software Version and Fixes
+-------------------------
When considering software upgrades, also consult 
http://www.cisco.com/go/psirt and any subsequent advisories to 
determine exposure and a complete upgrade solution. 
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance. 
Each row of the Cisco IOS software table (below) describes a release
train and the platforms or products for which it is intended. If a
given release train is vulnerable, then the earliest possible
releases that contain the fix (the "First Fixed Release") and the
anticipated date of availability for each are listed in the "Rebuild"
and "Maintenance" columns. A device running a release in the given
train that is earlier than the release in a specific column (less
than the First Fixed Release) is known to be vulnerable. The release
should be upgraded at least to the indicated release or a later
version (greater than or equal to the First Fixed Release label). 
For more information on the terms "Rebuild" and "Maintenance,"
consult the following URL: 
http://www.cisco.com/warp/public/620/1.html
+----------------------------------------+
|   Major    | Availability of Repaired  |
|  Release   |         Releases          |
|------------+---------------------------|
|  Affected  | First Fixed | Recommended |
| 12.0-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0       | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0DA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0DB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0DC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | 12.0(33)S3; |             |
| 12.0S      | Available   |             |
|            | on          |             |
|            | 03-APR-2009 |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SC     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SL     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0SP     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0ST     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SX     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SY     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SZ     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0T      | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.0(3c)W5  |
| 12.0W      | first fixed | (8)         |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0WC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.0WT     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XE     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.0XF     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XG     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Releases    |             |
|            | prior to    |             |
|            | 12.0(4)XI2  |             |
|            | are         |             |
|            | vulnerable, |             |
| 12.0XI     | release     | 12.4(15)    |
|            | 12.0(4)XI2  | T812.4(23)  |
|            | and later   |             |
|            | are not     |             |
|            | vulnerable; |             |
|            | first fixed |             |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XJ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XK     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XL     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XM     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XN     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XQ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XR     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XS     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XT     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XV     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.1-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1       | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1AA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1AX     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1AY     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1AZ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1CX     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1DA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1DB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1DC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.1E      | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1EA     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
| 12.1EB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(33)    |
| 12.1EC     | first fixed | SCA212.2    |
|            | in 12.3BC   | (33)SCB12.3 |
|            |             | (23)BC6     |
|------------+-------------+-------------|
| 12.1EO     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(31)    |
| 12.1EU     | first fixed | SGA912.2    |
|            | in 12.2SG   | (50)SG      |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)    |
| 12.1EV     | first fixed | S1212.2(33) |
|            | in 12.4     | SB312.4(15) |
|            |             | T812.4(23)  |
|------------+-------------+-------------|
|            |             | 12.2(31)    |
|            | Vulnerable; | SGA912.2    |
| 12.1EW     | first fixed | (50)SG12.4  |
|            | in 12.4     | (15)T812.4  |
|            |             | (23)        |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1EX     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.1EY     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1EZ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1GA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1GB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1T      | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XE     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XF     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XG     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XI     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XJ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XL     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XM     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XP     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XQ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XR     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XS     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XT     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XU     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XV     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XW     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XX     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XY     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XZ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Releases    |             |
|            | prior to    |             |
|            | 12.1(5)YE6  |             |
|            | are         |             |
|            | vulnerable, |             |
| 12.1YE     | release     | 12.4(15)    |
|            | 12.1(5)YE6  | T812.4(23)  |
|            | and later   |             |
|            | are not     |             |
|            | vulnerable; |             |
|            | first fixed |             |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YF     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.1YI     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1YJ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.2-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2       | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2B      | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA212.2    |
| 12.2BC     | first fixed | (33)SCB12.3 |
|            | in 12.4     | (23)BC612.4 |
|            |             | (15)T812.4  |
|            |             | (23)        |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2BW     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(33)SB3 |
| 12.2BX     | first fixed | 12.4(15)T8  |
|            | in 12.4     | 12.4(23)    |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2BY     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2BZ     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA2        |
| 12.2CX     | first fixed | 12.2(33)SCB |
|            | in 12.4     | 12.3(23)BC6 |
|            |             | 12.4(15)T8  |
|            |             | 12.4(23)    |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA2        |
| 12.2CY     | first fixed | 12.2(33)SCB |
|            | in 12.4     | 12.3(23)BC6 |
|            |             | 12.4(15)T8  |
|            |             | 12.4(23)    |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)S12 |
| 12.2CZ     | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2DA     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2DD     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2DX     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(31)    |
| 12.2EW     | first fixed | SGA9        |
|            | in 12.2SG   | 12.2(50)SG  |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(31)    |
| 12.2EWA    | first fixed | SGA9        |
|            | in 12.2SG   | 12.2(50)SG  |
|------------+-------------+-------------|
| 12.2EX     | 12.2(40)EX  | 12.2(44)EX1 |
|------------+-------------+-------------|
|            | 12.2(44)EY; | 12.2(46)EY; |
| 12.2EY     | Available   | Available   |
|            | on          | on          |
|            | 30-JAN-2009 | 23-JAN-2009 |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2EZ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2FX     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(44)EX1 |
| 12.2FY     | first fixed | 12.2(44)SE4 |
|            | in 12.2EX   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2FZ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
| 12.2IRA    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2IRB    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2IXA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXD    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXE    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXF    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXG    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2JA     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2JK     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2MB     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2MC     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2S      | first fixed | 12.2(20)S12 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
|            | 12.2(33)SB  |             |
|            | 12.2(31)    |             |
| 12.2SB     | SB14;       | 12.2(33)SB3 |
|            | Available   |             |
|            | on          |             |
|            | 16-JAN-2009 |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SBC    | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
| 12.2SCA    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SCB    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SE     | 12.2(40)SE  | 12.2(44)SE4 |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEA    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEB    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEC    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SED    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEE    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEF    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(44)EX1 |
| 12.2SEG    | first fixed | 12.2(44)SE4 |
|            | in 12.2EX   |             |
|------------+-------------+-------------|
| 12.2SG     | 12.2(44)SG  | 12.2(50)SG  |
|------------+-------------+-------------|
| 12.2SGA    | 12.2(31)    | 12.2(31)    |
|            | SGA9        | SGA9        |
|------------+-------------+-------------|
| 12.2SL     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SM     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SO     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SQ     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SR     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SRA    | migrate to  | 12.2(33)    |
|            | any release | SRC3        |
|            | in 12.2SRC  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SRB    | migrate to  | 12.2(33)    |
|            | any release | SRC3        |
|            | in 12.2SRC  |             |
|------------+-------------+-------------|
| 12.2SRC    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SRD    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2STE    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2SU     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.2SV     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVD    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVE    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SW     | first fixed | 12.4(15)T8  |
|            | in 12.4SW   |             |
|------------+-------------+-------------|
| 12.2SX     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXD    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXE    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXF    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXH    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SXI    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)S12 |
| 12.2SY     | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)S12 |
| 12.2SZ     | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2T      | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2TPC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XA     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XB     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XC     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XD     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XE     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA2        |
| 12.2XF     | first fixed | 12.2(33)SCB |
|            | in 12.4     | 12.3(23)BC6 |
|            |             | 12.4(15)T8  |
|            |             | 12.4(23)    |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XG     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XH     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XI     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XJ     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XK     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XL     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XM     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            |             | 12.2(20)S12 |
|            |             | 12.2(33)SB3 |
|            |             | 12.2(33)    |
| 12.2XN     | 12.2(33)XN1 | SRC3        |
|            |             | 12.2(33)    |
|            |             | XNA2        |
|            |             | 12.2(33r)   |
|            |             | SRD2        |
|------------+-------------+-------------|
| 12.2XNA    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2XNB    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | 12.2(46)XO; | 12.2(46)XO; |
| 12.2XO     | Available   | Available   |
|            | on          | on          |
|            | 02-FEB-2009 | 02-FEB-2009 |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XQ     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XR     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XS     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XT     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XU     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XV     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2XW     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2YA     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2YB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YC     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YD     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YE     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YF     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YG     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YH     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YJ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YK     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YL     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2YM     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.2YN     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YO     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2YP     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2YQ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YR     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YS     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2YT     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YU     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YV     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YW     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YX     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YY     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YZ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZA     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Releases    |             |
|            | prior to    |             |
|            | 12.2(13)ZC  |             |
|            | are         |             |
| 12.2ZC     | vulnerable, |             |
|            | release     |             |
|            | 12.2(13)ZC  |             |
|            | and later   |             |
|            | are not     |             |
|            | vulnerable; |             |
|------------+-------------+-------------|
| 12.2ZD     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2ZE     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2ZF     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2ZG     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.2ZH     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2ZJ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZL     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZP     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2ZU     | migrate to  |             |
|            | any release |             |
|            | in 12.2SXH  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2ZX     | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
| 12.2ZY     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZYA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.3-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3       | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3B      | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3BC     | 12.3(23)BC6 | 12.3(23)BC6 |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3BW     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3EU     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.3JA     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JEA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JEB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JEC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3JK     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3JL     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JX     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3T      | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3TPC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3VA     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XA     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.3XB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XC     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XD     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XE     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.3XF     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XG     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XI     | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XJ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XK     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XL     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XQ     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XR     | first fixed | 12.4(23)    |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XS     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XU     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XW     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XX     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XY     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3XZ     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)T8  |
| 12.3YA     | first fixed | 12.4(23)    |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YD     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YF     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YG     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YH     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YI     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YJ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YK     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YM     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YQ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YS     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YT     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YU     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YX     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3YZ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3ZA     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.4-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
| 12.4       | 12.4(16)    | 12.4(23)    |
|------------+-------------+-------------|
| 12.4JA     | 12.4(16b)JA | 12.4(16b)   |
|            |             | JA1         |
|------------+-------------+-------------|
| 12.4JDA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4JK     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4JL     | 12.4(3)JL1  | 12.4(3)JL1  |
|------------+-------------+-------------|
| 12.4JMA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4JMB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(16b)   |
| 12.4JX     | first fixed | JA1         |
|            | in 12.4JA   |             |
|------------+-------------+-------------|
| 12.4MD     | 12.4(15)MD  | 12.4(15)MD2 |
|------------+-------------+-------------|
| 12.4MR     | 12.4(16)MR  |             |
|------------+-------------+-------------|
| 12.4SW     | 12.4(11)SW3 | 12.4(15)T8  |
|------------+-------------+-------------|
| 12.4T      | 12.4(15)T   | 12.4(15)T8  |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XA     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XB     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XC     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XD     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XE     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.4XF     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XG     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XJ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XK     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.4XL     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XM     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XN     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XP     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4XQ     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XR     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XT     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.4XV     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            |             | 12.4(11)    |
|            |             | XW10;       |
| 12.4XW     | 12.4(11)XW3 | Available   |
|            |             | on          |
|            |             | 22-JAN-2009 |
|------------+-------------+-------------|
| 12.4XY     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XZ     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4YA     | Not         |             |
|            | Vulnerable  |             |
+----------------------------------------+
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors. 
Revision History
================
+---------------------------------------+
| Revision |                 | Initial  |
| 1.0      | 2009-January-14 | public   |
|          |                 | release  |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at 
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco 
security notices. All Cisco security advisories are available at 
http://www.cisco.com/go/psirt
                        
| VAR-200901-0453 | CVE-2008-4444 | Cisco Unified IP Phone denial-of-service (DoS) or arbitrary code execution vulnerability | 
                                      
                                        CVSS V2: 7.1 CVSS V3: - Severity: HIGH  | 
                            Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers. Cisco Unified IP Phone 7960G and 7940G are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected phones to reboot, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. Cisco Unified IP Phone is Cisco's line of unified IP phone products. Once the call is
established, the media content is carried by the RTP protocol. Cisco released a patched firmware on October 21, 2008 which is
described in the bug identifier CSCsu22285 (Cisco Unified IP Phone 7960G
and 7940G (SIP) Release Notes for Firmware Release 8.10). 
Credits:
--------
* This vulnerability was discovered by Gabriel Campana and Laurent Butti
from France Telecom / Orange
                        
| VAR-200901-0729 | CVE-2009-1696 | Vulnerability in multiple Apple products that allows Safari user sessions to be tracked | 
                                      
                                        CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM  | 
                            WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. 
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
Multiple web browsers are prone to a cross-domain information-disclosure vulnerability. 
An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks. 
The following browsers are vulnerable:
Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome
Opera
Other browsers may also be affected. Safari is the web browser bundled by default with the operating system on Apple computers.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system. 
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font. 
Successful exploitation may allow execution of arbitrary code. 
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system. 
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system. 
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page. 
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x. 
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities. 
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc. 
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities. 
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
                        
| VAR-200901-0751 | CVE-2009-1685 | Cross-site scripting vulnerability in document.implementation property handling in multiple Apple products | 
                                      
                                        CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM  | 
                            Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. WebKit is prone to a cross-domain scripting vulnerability. 
A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible. 
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. 
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
Safari is the web browser bundled by default with the operating system on Apple computers. If a user is tricked into visiting a malicious site, the document.implementation of an embedded or parent document provided by a different security zone will be overwritten.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system. 
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font. 
Successful exploitation may allow execution of arbitrary code. 
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system. 
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system. 
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page. 
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x. 
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities. 
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc. 
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities. 
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
                        
| VAR-200901-0758 | CVE-2009-1703 | Information disclosure vulnerability in WebKit in Apple Safari | 
                                      
                                        CVSS V2: 7.1 CVSS V3: - Severity: HIGH  | 
                            WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. 
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
WebKit is prone to a remote information-disclosure vulnerability. 
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Safari is the web browser bundled by default with the operating system on Apple computers.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system. 
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font. 
Successful exploitation may allow execution of arbitrary code. 
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system. 
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system. 
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page. 
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x. 
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities. 
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc. 
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities. 
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
                        
| VAR-200901-0752 | CVE-2009-1707 | Apple Safari "Reset Safari" vulnerability that allows stored website passwords to be read | 
                                      
                                        CVSS V2: 1.2 CVSS V3: - Severity: LOW  | 
                            Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. 
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability.
Apple Safari is prone to a local information-disclosure vulnerability. 
A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks. 
This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista. 
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default with Apple's operating systems. After the "Reset" button is clicked for "Reset saved names and passwords" in the "Reset Safari" menu option, Safari may take up to 30 seconds to clear the passwords. Users who access the system during this window of time can access the stored credentials.
----------------------------------------------------------------------
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system. 
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font. 
Successful exploitation may allow execution of arbitrary code. 
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system. 
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system. 
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page. 
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x. 
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities. 
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc. 
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
                        
| VAR-200901-0748 | CVE-2009-1701 | Arbitrary code execution vulnerability in the JavaScript DOM implementation in multiple Apple products | 
                                      
                                        CVSS V2: 9.3 CVSS V3: - Severity: HIGH  | 
                            Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition. 
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. 
Safari is the web browser bundled by default with Apple's operating systems. A use-after-free vulnerability exists in Apple Safari's "WebKit" handling of the JavaScript DOM. 
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT3613
-- Disclosure Timeline:
2009-02-09 - Vulnerability reported to vendor
2009-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
    * wushi & ling of team509
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system. 
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font. 
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system. 
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system. 
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page. 
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x. 
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities. 
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc. 
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities. 
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
                        
| VAR-200901-0735 | CVE-2009-1682 | Apple Safari EV certificate processing vulnerability | 
                                      
                                        CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM  | 
                            Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. 
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted webservers. This will aid in further attacks. 
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default with Apple's operating systems. A bug in Safari's handling of EV certificates could lead to bypassing revocation checks, which could allow pages to load without issuing a revoked EV certificate warning.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system. 
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font. 
Successful exploitation may allow execution of arbitrary code. 
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system. 
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system. 
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page. 
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x. 
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities. 
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc. 
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
                        
| VAR-200901-0736 | CVE-2009-1718 | Information disclosure vulnerability in drag events in WebKit in Apple Safari | 
                                      
                                        CVSS V2: 7.1 CVSS V3: - Severity: HIGH  | 
                            WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. 
WebKit is prone to a remote information-disclosure vulnerability. 
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system. 
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font. 
Successful exploitation may allow execution of arbitrary code. 
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system. 
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system. 
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page. 
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x. 
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities. 
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc. 
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities. 
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server