VARIoT IoT vulnerabilities database

VAR-200806-0031 | CVE-2008-2639 |
Citect SCADA ODBC Server Remote Stack Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-200806-0107, VAR-E-200806-0108 |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222. Citect Made by company CitectSCADA Contains a buffer overflow vulnerability. Citect CitectSCADA Is SCADA (Supervisory Control And Data Acquisition) Software used for monitoring and control in the system. CitectSCADA Contains a buffer overflow vulnerability because it cannot properly handle crafted requests from clients.Arbitrary code is executed by a remote party or service operation is interrupted (DoS) There is a possibility of being attacked.
Citect SCADA and CitectFacilities include ODBC server functionality to provide remote SQL access to relational databases. The ODBC server component listens to client requests from the network on the port 20222 / tcp by default. The application layer protocol on TCP reads the 4-byte initial message to specify the length of the data in the next message, and then sockets from the same TCP. Word reads the next message of this length, where the first 5 bytes are a fixed header. After the second message in the network is read into the buffer, the data is copied to a fixed-size internal buffer on the stack.
Due to the lack of a correct length check of the data read, memory copy operations using fixed-size target buffers allocated on the stack may overflow, allowing unauthenticated remote attackers to execute arbitrary instructions on the vulnerable system . CitectSCADA is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Citect Products ODBC Server Component Buffer Overflow
SECUNIA ADVISORY ID:
SA30638
VERIFY ADVISORY:
http://secunia.com/advisories/30638/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From local network
SOFTWARE:
CitectFacilities 7.x
http://secunia.com/product/19043/
CitectSCADA 6.x
http://secunia.com/product/19041/
CitectSCADA 7.x
http://secunia.com/product/19042/
DESCRIPTION:
Core Security Technologies has reported a vulnerability in
CitectSCADA and CitectFacilities, which can be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
The vulnerability is reported in the following versions:
* CitectSCADA v6
* CitectSCADA v7
* CitectFacilities v7
SOLUTION:
Contact the vendor for patches.
PROVIDED AND/OR DISCOVERED BY:
Sebasti\xe1n Mu\xf1iz, Core Security Technologies
ORIGINAL ADVISORY:
CORE-2008-0125:
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2186
OTHER REFERENCES:
US-CERT VU#476345:
http://www.kb.cert.org/vuls/id/476345
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs/
~ CitectSCADA ODBC service vulnerability
*Advisory Information*
Title: CitectSCADA ODBC service vulnerability
Advisory ID: CORE-2008-0125
Advisory URL: http://www.coresecurity.com/?action=item&id=2186
Date published: 2008-06-11
Date of last update: 2008-06-10
Vendors contacted: Citect
Release mode: Coordinated release
*Vulnerability Information*
Class: Buffer overflow
Remotely Exploitable: Yes
Locally Exploitable: Yes
Bugtraq ID: 29634
CVE Name: CVE-2008-2639
*Vulnerability Description*
Citect is a supplier of industrial automation software with headquarters
in Australia and over 20 offices in Oceania, South East Asia, China,
Japan, the Americas, Europe, Africa and the Middle East. Citect's
products are distributed in over 80 countries through a network of more
than 500 partners. According to Citect's website [1] the company, a
fully owned subsidiary of Schneider Electric, has more than 150,000
licenses of its software sold to date. Citect's products are used by
organizations worldwide in numerous industries including Aerospace &
Defense, Oil & Gas, Power/Utilities, Chemical, Pharmaceutical,
Manufacturing and others. with an integrated Human Machine Interface
(HMI) / SCADA solution to deliver a scalable and reliable control and
monitoring system. The system is composed by software installed on
standard computer equipment running on commercial-of-the-shelf Microsoft
Windows operating systems. To
accomplish such goal the would-be attacker must be able to connect to
the vulnerable service on a TCP high-port.
*Vulnerable Packages*
. CitectSCADA v6
. CitectSCADA v7
. CitectFacilities v7
*Non-vulnerable Packages*
. Contact the vendor for fixed versions of the product.
*Vendor Information, Solutions and Workarounds*
In general process control networks should be physically isolated from
corporate or other publicly accessible data networks as such an isolated
network will limit the exposure of systems with network facing
vulnerabilities only to accidental disruption or potentially malicious
users or systems within the process control network itself.
However, if physical isolation of the process control network is not
feasible it is strongly recommended to enforce and monitor strict
network access control mechanisms to verify that only the absolute
minimal required set of systems from both within and outside the process
control network are allowed to connect to any systems within the process
control network. In this particular case, access control mechanisms on
both end-systems and network boundary devices such as firewalls and
IPSes must ensure that only hardened and trusted systems from that
minimal set can connect to systems in the process control network
running potentially vulnerable software. Nonetheless systems on that
minimal set must still be considered potential attack vectors into the
process control network and should they become compromised, providers of
transitive trust from the process control network to external untrusted
systems.
Besides the recommendation of a secure network architecture with strict
network access control measures, OS hardening and other sound system
administration practices a specific workaround for the vulnerability
reported in this advisory is provided below.
The vulnerability is located in the ODBC server service, vulnerable
organizations that do not require ODBC connectivity may disable the
service with no adverse effects to the CitectSCADA software.
Installations that require ODBC connectivity to SQL databases,
spreadsheets, etc. will suffer loss of connection with ODBC data sources
if this workaround is applied. Vulnerable organizations should obtain
positive verification that ODBC connectivity is not necessary in their
installation and prepare appropriate contingency procedures before the
workaround is applied.
Vendor statement:
CitectSCADA is not designed to be accessible on public networks and
recommends that the SCADA and control networks be protected by firewall
or similar on live sites.
The system must be network hardened regardless of the corrupt packet
software change to ensure a secure system given the likelihood that on
the same network are open industry standard protocol devices perhaps
communicating via ethernet.
Please follow this link on Citect website under "Industries and
Solutions" for security, that provides some information for customers
interested in securing their SCADA systems:
http://www.citect.com/index.php?option=com_content&task=view&id=186&Itemid=322
*Credits*
This vulnerability was discovered and researched by Sebastian Mu\xf1iz from
the Core IMPACT Exploit Writers Team (EWT) at Core Security
Technologies. Exploitation was further investigated by Nicolas Economou
also from the Core IMPACT Exploit Writers Team (EWT).
Core would also like to thank Paul Fahey of AusCERT, Gaston Franco and
Patricia Prandini of ArCERT and Art Manion and Chris Taschner of CERT/CC
for their assistance during the vulnerability reporting process.
This bug is a textbook example of a classic stack-based buffer overflow
that can be exploited by overwriting the return address of the currently
running thread. The following binary excerpt shows the nature of the
problem:
/-----------
~ .text:0051BC33 loc_51BC33:
~ .text:0051BC33 lea ecx, [ebp+pDestBuffer]
~ .text:0051BC39 push ecx ; stack based buffer
~ .text:0051BC3A mov edx, [ebp+arg_0]
~ .text:0051BC3D push edx ; class that contains packet
~ .text:0051BC3E call sub_52125A ; memcpy
- -----------/
*Report Timeline*
. 2008-01-30:
Initial contact mail sent by Core to Citect's support team. 2008-01-30:
Additional mail sent to Citect support team asking for a software
security contact at Citect. 2008-01-30:
Email from Citect's support team acknowledging notification and
requesting information in plaintext. 2008-02-06:
Core sends the draft advisory, including proof of concept code to
demonstrate the vulnerability. 2008-02-28:
Core requests a response from the vendor and asks for the vendor's plan
to release fixes to vulnerable products. 2008-03-06:
Email from the vendor's technical architect confirms reception of the
report and indicating that there are not concerns around publication of
a security advisory disclosing the vulnerability. The vendor asks for a
phone conference to ensure that both Core and Citect have a common
understanding of the issue and expresses the possibility of adding
additional information to the advisory. The vendor also states that it
will formulate a plan for handling this issue. 2008-03-12:
Core asks to continue the discussion concerning the vulnerability by
mail so as to have all the involved parties informed simultaneously and
all communications documented. Core requests confirmation that the
vendor has been able to reproduce the vulnerability and requests details
concerning the plan to release fixes and asks for the additional
information that the vendor would like to include in the advisory (in
the "vendor information" section). Core reminds the vendor that the
original publication date of the advisory was February 25th and states
that the publication of the advisory is now re-scheduled to March 24th
because fixed versions were not available at the date initially scheduled. 2008-03-25:
Vendor confirms that it reproduced and identified the vulnerability and
indicates that the official stance is that CitectSCADA is not designed
to be accessible on public networks and recommends that SCADA and
control networks are protected by firewalls and other security measures
on live sites. The vendor also states that it has no immediate plans to
support CitectSCADA on public networks but is investigating the
possibility of having a security audit of the product. 2008-03-25:
Core notifies the vendor the intention to release the advisory on March
26th given that the vendor has no immediate plans for fixing the
vulnerability. 2008-03-26:
Core consults under NDA with a process control security expert to obtain
a better understanding of the scope and impact of the vulnerability. The
specific technical details about the vulnerability are not disclosed,
only the general type of bug and the specific TCP port on which the
vulnerable service listens are discussed. 2008-04-02:
Core revisits its current plan to disclose the vulnerability and decides
to get Computer Emergency Response Teams (CERTs) involved in the
process. Core notifies the vendor that it will postpone the publication
of the advisory, and that it will contact the Computer Emergency
Response Teams (CERTs) of countries were Core has physical offices
(Argentina and USA) and the country were Citect has its headquarters
(Australia). Core will then determine the contents and date of
publication for the security advisory based on further communication
with the vendor and CERTs and more precise details that the vendor may
provide regarding availability of fixes. 2008-04-02:
Core notifies the vendor that it will contact the CERTs of Australia,
USA and Argentina. Core reminds the vendor that the vulnerability
reported is a classic example of a stack-based buffer overflow bug
trivial to exploit in present times and that although the previous email
from the vendor provided a vague statement indicating that "the scenario
is under consideration for the next release", to date there has not been
any concrete details about development and release of fixes or a firm
commitment to any specific date to release them. 2008-04-08:
Core sends an initial notification to AusCERT, CERT/CC and ArCert
including a draft advisory describing the bug and the vendor's contact
information, requesting an acknowledgement within 2 working days. 2008-04-08:
AusCERT acknowledges reception of the advisory
. 2008-04-09:
ArCERT acknowledges reception of the advisory
. 2008-04-10:
CERT/CC acknowledges reception of the advisory on a phone call
. 2008-04-10:
AusCERT notifies Core that so far it has not been able to contact the
vendor and asks for approval to disseminate the information to the
Australian government and other national and international entities
overlooking national infrastructure security. AusCERT also asks if CORE
intends to publish the advisory and if so requests some time to be able
to notify affected organizations. Meanwhile AusCERT indicates that it
will continue to try to work with the vendor. 2008-04-10:
Core responds that it has no problems with AusCERT notifying other
parties that may be able to better prepare risk mitigation procedures
and/or work more closely with the vendor towards development and release
of a fix. However, Core asks to keep the dissemination of the
information to a minimum in order to avoid a potential leak. Core
indicates that it has asked the vendor to provide concrete details about
how and when it plans to address the issue and that based on the
response to that question it will determine a publication date for the
security advisory. Lacking a response from the vendor, Core will
determine the publication date based on the feedback received from the
CERTs and the progress of their preparations to address the report. 2008-04-10:
AusCERT asks if it is ok to contact other CERTs and international
government communities to make them aware of the issue and to ensure
everyone is prepared when the report is published. 2008-04-10:
Core response indicating that it is ok to contact any organization that
AusCERT deems relevant for the stated purpose
. 2008-04-10:
ArCert reports that it will start gathering information about
appropriate organizations in Argentina to report the problem and start
contacting them. 2008-04-11:
CERT/CC reports that US-CERT has been made aware of the issue and will
be kept updated going forward. If AusCERT is already in contact with the
vendor CERT/CC will standby and follow AusCERT's lead. 2008-04-14:
AusCERT reports that after several communication attempts the vendor
said that it will address the issue in the next release of the product
(by mid-year) and release a patch in a couple of months. However, the
information is not to be considered an official statement and there is
no official indication of a plan to provide immediate resolution. 2008-04-14:
CERT/CC asks if Core will publish the advisory before mid-year and
states concerns about the potential time elapsed between advisory
publication and release of the fix. CERT/CC will likely put out
information soon after Core does and expresses its interest to receive
more information from the vendor regarding their response plan. 2008-04-14:
AusCERT notes that Core has given the CERTs the time to notify possibly
affected organizations before the report is published and requests any
specific questions to be asked to the vendor. 2008-04-14:
Core states that it is entirely possible to re-visit the publication
date of the report (which has been done twice so far) but to do so Core
requires concrete details and a committed date for the release of a fix
noting that it wasn't until AusCERT's email from April 14th that the
possibility that the vendor would release of a patch seemed realistic.
Core is willing to postpone publication of the report provided that the
vendor commits to release a fix no later than June 30th (the upper bound
to the promised mid-year deadline indicated by the vendor). Core also
reminds the CERTs that its intent in notifying them of the bug was to
help to coordinate a way to address the bug should an official patch or
fix is not made available by the vendor. 2008-04-24:
Core sends an email to the 3 CERTs requesting a status update and any
further details about the availability of fixes. Core would like to set
a final date for the publication of its report. 2008-04-28:
AusCERT indicates that after several calls and messages, the vendor has
stated that it does not publish specific release schedules for updates
and does not indicate what will or will not be their contents and that
once a release is finalized all relevant materials are updated to
reflect that fact. AusCERT asks about Core's plans regarding the issue. 2008-04-28:
CERT/CC suggests that in light of the vendor statement one last effort
should be attempted, setting a date for publication one or two weeks
into the future and presenting the final drafts of the report to the vendor. 2008-04-28:
Core sets the advisory publication date to May 12th and indicates to the
three CERTs that the date is considered final unless concrete details
about a patch release schedule are communicated no later than May 8th.
The vendor has already been sent drafts of the advisory, the last one
sent on March 25th, and Core has little confidence that the current
status process will change in a positive manner. Core will consider the
time up to May 12th as a period to finalize the preparation of guidance
documents about how to deal with the issue without an official fix
available. Should such a document be provided, Core is willing and open
to include its recommendations in the security advisory. 2008-05-06:
Core informs the CERTs that it is still editing its security advisory
and that once the final draft is ready it will be sent for review to the
vendor and the CERTs before it is published. Core informs that it will
also issue a press release disclosing the issue and invites spokesmen
from any of the CERTs to participate with a quote should they want to do so. 2008-05-08:
CERT/CC acknowledges Core's email and thanks for the update indicating
that it will not participate in a press release. 2008-05-14:
Core sends its final draft of the security advisory to Citect and the 3
CERTs indicating that the publication date is set to May 19th, 2008 at
approximately 3pm UTC. Should the vendor or the CERTS have any official
comments or statements or workarounds that they would like to be
included in Core's advisory they must be provided them by email no later
than Friday May 16th 2008 at 9pm (UTC). 2008-05-15:
Email from the vendor indicating the Citect has allocated resources to
address the issue and is pleased to advise that a patch will be
available by the end of May. The vendor assumes that publication of the
advisory will be postponed given Core's previous email from April 14th
stating that it is willing to review the publication date if the vendor
commits to releasing a fix no later than June 30th. 2008-05-16:
Email from CERT/CC asking about Core's plan to publish the advisory and
stating that CERT/CC is inclined to hold off publication for a couple of
weeks provided that Core does the same. JPCERT has been informed of the
vulnerability to prepare for the upcoming disclosure. 2008-05-16:
Core sends email to Citect and the three CERTs stating that publication
of the advisory has been re-scheduled to June 2nd 2008 and reiterating
that should the vendor want to include additional information or
specific pointers to the patch it should be provided at least a day in
advance. 2008-05-28:
Core sends a follow up to the email sent on May 16th requesting
confirmation that Citect is on track to release fixes for the
vulnerability. Core had re-scheduled publication of the security
advisory to June 2nd, 2008 (next Monday) and wants to confirm that
software fixes will be ready to roll out and to provide the opportunity
to include in the advisory any official guidelines on how to obtain them
and/or any alternative workarounds to the problem. Specific questions
about the potential workaround of disabling the vulnerable service are
sent to the vendor as well as a request to provide a list of both
vulnerable and not vulnerable packages. This information should be
received no later than Friday June 30th, 2008 at 1pm UTC. 2008-06-01:
Email received from the vendor stating: "The fix is on track and is
currently in code review and testing stage. We will advise when and how
the patch will be released". 2008-06-01:
Core asks if the vendor has a concrete estimated date for the patch
release. It is noted that publication of the security advisory was
re-scheduled to June 2nd, 2008 on the basis of the vendor's commitment
to release fixes "by the end of May" as indicated in the vendor's email
from May 15th 2008. May is already past and Core still has no concrete
details about when and how the fixes will be available. Core also notes
that the previous email from May 28th 2008 had specific questions that
may help craft guidance and recommendations for vulnerable organizations
to mitigate risk due to the vendor's software security exposure and asks
if the vendor is able to provide answers to those specific inquires.
Core also states that it would like to discuss with the CERTs any
specific details and information about their plans to address this issue
in the upcoming week. In the absence of concrete fix details and
workarounds from the vendor Core would like to coordinate with CERTs the
dissemination of information to help reduce risk to vulnerable
organizations worldwide. 2008-06-01:
AusCERT indicates that it's ready for the publication and that it will
publish its own report after Core has done so. 2008-06-04:
Email from CERT/CC asking for a status update from Core and noting that
neither the vendor patches nor Core's advisory have been published by
June 2nd as planned. CERT/CC is ready to publish information about the
issue and is willing to do so on Core's timetable. 2008-06-04:
Citect informs that the patch for the reported issue has been completed
at the code level and is being QA tested. The timing of software
releases is a company commercial decision, and no guarantee of delivery
dates is given. However, the vendor anticipates the patch will be
published on its website in the next day or so, assuming QA approval is
given. The vendor informs that the suggested workaround of disabling
the ODBC server is viable for users that do not need this functionality
(most users of CitectSCADA) and would not affect the operation of the
software in any other way.
The vendor states that "Although this patch will be made available to
our supported customers, Citect maintains the stated stance that under
NO circumstances should any SCADA/PLC/DCS/RTU/Process Control network
should ever be exposed unprotected to the internet. The network should
either be securely firewalled or better still isolated, or otherwise
protected using approved IT security methodology. Citect has previously
published security recommendations in a whitepaper located on our
website at
http://www.citect.com/documents/whitepapers/SCADA%20Security%20Whitepaper.pdf
"SECURING AN INTEGRATED SCADA SYSTEM - Network Security & SCADA Systems
Whitepaper". The vendor also indicates that "copies of the security
alert report appear to have been circulated before the advised date of
publication, contrary to the undertaking given to Citect."
. 2008-06-04:
Core's email to Citect, AusCERT, CERT/CC and ArCert informing them that
publication of the security advisory has now been re-scheduled to June
11th 2008. The date is final. The advisory will include references to
the vendor's security recommendations and white paper as well as the
proposed workaround. Core also indicates that to date the company has
not published any report about the issue and has no indication of any
such reports circulating "in the wild" but cannot discard that as a
possibility given that the vendor's lack of proper secure communications
procedures forced all the involved parties to communicate without any
form of email encryption and that those communications have occurred
over a public network such as the Internet for a period of over 4 months. 2008-06-04:
Email from CERT/CC indicating that it will too publish a report on June
11th also noting the importance of sound system administration practices
such as disabling unneeded features and a secure network architecture.
CERT/CC agrees on the need of isolated or otherwise secured process
control networks but indicates that in practice that is not always the
case. Further information about any potential information leak is requested. 2008-06-10:
Final draft of the advisory sent to Citect and CERTs, asking for
confirmation that patches are now available. 2008-06-10:
Citect confirms that patches are available to customers upon request and
reiterates that the vendor's official stance is that the control network
must be secured, and customers requesting the patch will be offered
advice and links on how to do this. 2008-06-10:
CERT/CC asks for any official guidance or wording that could be used in
documents to direct readers appropriately. For example, an URL to a
support/contact web site, or a case number. 2008-06-11:
Security advisory CORE-2008-0125 published.
*References*
[1] Citect Corporate Profile
http://www.citect.com/index.php?option=com_content&task=view&id=94&Itemid=151
*About CoreLabs*
CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs/.
*About Core Security Technologies*
Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core augments its
leading technology solution with world-class security consulting
services, including penetration testing and software security auditing.
Based in Boston, MA and Buenos Aires, Argentina, Core Security
Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.
*Disclaimer*
The contents of this advisory are copyright (c) 2008 Core Security
Technologies and (c) 2008 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.
*GPG/PGP Keys*
This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhP2lEACgkQyNibggitWa29yQCdHfYtgLzOvys9Msi95eqF8H/X
ADEAoKB9r52U9KXlEvBn5GgCaqXqC8OG
=5qtX
-----END PGP SIGNATURE-----
VAR-200806-0101 | CVE-2008-2674 | Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.
Very few technical details are currently available. We will update this BID as more information emerges.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Please see the vendor's advisory for workaround details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0575 | CVE-2008-0960 |
SNMPv3 improper HMAC validation allows authentication bypass
Related entries in the VARIoT exploits database: VAR-E-200806-0300 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. SNMPv3 The implementation of contains an authentication bypass vulnerability because it does not properly handle crafted packets. SNMP (Simple Network Management Protocol) Is a widely used protocol for monitoring and managing network devices. SNMPv3 Supports security features such as authentication and privacy control. SNMPv3 In the authentication of HMAC (keyed-Hash Message Authentication Code) Is used. This code is generated by combining a private key and a cryptographic hash function. SNMPv3 Depending on the implementation of, there is a possibility that authentication may be bypassed by processing specially crafted packets due to vulnerability in authentication processing.By remote third party SNMP The object may be read or modified. Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error.
Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application.
Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable. The software is used to monitor network equipment, computer equipment, UPS equipment, etc. An attacker could exploit this vulnerability to read and modify any SNMP object accessible using the authenticated credentials logged into the system. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: SNMP Version 3 Authentication
Vulnerabilities
Document ID: 107408
Advisory ID: cisco-sa-20080610-snmpv3
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
Revision 1.0
For Public Release 2008 June 10 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
Multiple Cisco products contain either of two authentication
vulnerabilities in the Simple Network Management Protocol version 3
(SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could
allow the disclosure of network information or may enable an attacker
to perform configuration changes to vulnerable devices. The SNMP
server is an optional service that is disabled by default in Cisco
products. Only SNMPv3 is impacted by these vulnerabilities.
Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has
assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960
has also been assigned to these vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following Cisco products are vulnerable.
* Cisco IOS
* Cisco IOS-XR
* Cisco Catalyst Operating System (CatOS)
* Cisco NX-OS
* Cisco Application Control Engine (ACE) Module
* Cisco ACE Appliance
* Cisco ACE XML Gateway
* Cisco MDS 9000 Series Multilayer Fabric Switches
Note: The SNMP server is disabled by default. These vulnerabilities
only impact devices that are configured for SNMPv3.
To determine the version of SNMP configured in Cisco IOS, CatOS and
IOS-XR, log in to the device and issue the show snmp group command.
The security model field indicates the version of SNMP configured.
The output "usm" is the abbreviation for user-based security model
and this indicates SNMPv3 is configured.
Cisco IOS
router#show snmp group
groupname: test security model:v3 noauth
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
Cisco CatOS
5500-1 (enable) show snmp group
Security Model: v3
Security Name: userv3
Group Name: groupv3
Storage Type: nonvolatile
Row Status: active
Cisco IOS-XR
RP/0/RP0/CPU0:ios#show snmp group
groupname: test security model:usm
readview : v1default writeview: -
notifyview: v1default
row status: nonVolatile
IronPort
+-------
IronPort C-Series, X-Series, and M-Series appliances utilize code
covered by this advisory, but are not susceptible to any security
risk. IronPort C-Series, X-Series, and M-Series incorporate the
libraries under the advisory to provide anonymous read-only access to
system health data. There is no risk of escalated authorization
privileges allowing a 3rd party to make any configuration changes to
the IronPort devices. IronPort S-Series and Encryption Appliances are
not affected by this advisory. This announcement has also been posted
on the IronPort Support Portal, available to IronPort customers:
https://supportportal.ironport.com/irppcnctr/srvcd?u=http://secure-support.soma.ironport.com/announcement&sid=900016
Products Confirmed Not Vulnerable
+--------------------------------
The following Cisco products are confirmed not vulnerable:
* Cisco PIX Security Appliances
* Cisco ASA Security Appliances
* Cisco Firewall Services Module (FWSM)
* Cisco Security Monitoring, Analysis, and Response System (MARS)
* Cisco Network Admission Control (NAC) Appliance
* CiscoWorks Wireless LAN Solution Engine (WLSE)
No other Cisco products are currently known to be affected by these
vulnerabilities.
There are three general types of SNMP operations: "get" requests to
request information, "set" requests that modify the configuration of
a remote device, and "trap" messages that provide a monitoring
function. SNMP requests and traps are transported over User Datagram
Protocol (UDP) and are received at the assigned destination port
numbers 161 and 162, respectively.
SNMPv3 provides secure access to devices by authenticating and
encrypting packets over the network. RFC2574 defines
the use of HMAC-MD5-96 and HMAC-SHA-96 as the possible authentication
protocols for SNMPv3. This advisory identifies two
vulnerabilities that are almost identical. Both are specifically
related to malformed SNMPv3 packets that manipulate the Hash Message
Authentication Code (HMAC). The two vulnerabilities may impact both
Secure Hashing Algorithm-1 (SHA-1) and Message-Digest Algorithm 5
(MD5). The vulnerabilities described in this document can be
successfully exploited using spoofed SNMPv3 packets.
These vulnerabilities are documented in the following Cisco Bug IDs:
* CSCsf04754 - IOS SNMPv3 HMAC Authentication issue
* CSCsf30109 - IOS-XR SNMPv3 HMAC Authentication issue
* CSCsf29976 - CatOS SNMPv3 HMAC Authentication issue
* CSCsq62662 - ACE XML Gw SNMPv3 HMAC Authentication issue
* CSCsq60664 - ACE Appliance SNMPv3 HMAC Authentication issue
* CSCsq60695 - ACE Module SNMPv3 HMAC Authentication issue
* CSCsq60582 - Nexus SNMPv3 HMAC Authentication issue
Note: Although multiple software defects are listed, this advisory
only identifies two vulnerabilities. Because different Cisco products
require their own fixes, additional Bug IDs have been assigned.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsf04754 - IOS SNMPv3 HMAC Authentication issue
- -----------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsf30109 - IOS-XR SNMPv3 HMAC Authentication issue
- --------------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsf29976 - CatOS SNMPv3 HMAC Authentication issue
- -------------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsq62662 - ACE XML Gw SNMPv3 HMAC Authentication issue
- ------------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsq60664 - ACE Appliance SNMPv3 HMAC Authentication issue
- ---------------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.4
Exploitability - Functional
Remediation Level - Workaround
Report Confidence - Confirmed
CSCsq60695 - ACE Module SNMPv3 HMAC Authentication issue
- ------------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.4
Exploitability - Functional
Remediation Level - Workaround
Report Confidence - Confirmed
CSCsq60582 - Nexus SNMPv3 HMAC Authentication issue
- -------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.4
Exploitability - Functional
Remediation Level - Workaround
Report Confidence - Confirmed
Impact
======
Successful exploitation of these vulnerabilities could result in the
disclosure of sensitive information on a device or allow an attacker
to make configuration changes to a vulnerable device that is based on
the SNMP configuration.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases which have fixes for all the
published vulnerabilities at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to
be vulnerable. Cisco recommends upgrading to a release equal to or
later than the release in the "Recommended Releases" column of the
table.
+---------------------------------------+
| Affected | Affected | First |
| Product | Release | Fixed |
| | | Release |
|-----------------+----------+----------|
| | 6.x | 6.4(23) |
| |----------+----------|
| Cisco Catalyst | 7.x | 7.6(19) |
|Operating |----------+----------|
| System (CatOS) | 8.5.x | 8.5(7) |
| |----------+----------|
| | 8.6.x | 8.6(1) |
+---------------------------------------+
Cisco IOS XR
+-----------
The following table lists fixed Cisco IOS XR software.
+---------------------------------------------------+
| Cisco | | |
| IOS XR | SMU ID | SMU Name |
| Version | | |
|---------+------------+----------------------------|
| 3.2.2 | AA01681 | hfr-base-3.2.2.CSCsf30109 |
|---------+------------+----------------------------|
| 3.2.3 | AA01682 | hfr-base-3.2.3.CSCsf30109 |
|---------+------------+----------------------------|
| 3.2.4 | AA01683 | hfr-base-3.2.4.CSCsf30109 |
|---------+------------+----------------------------|
| 3.2.6 | AA01684 | hfr-base-3.2.6.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.0 | AA01685 | hfr-base-3.3.0.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.0 | AA01690 | c12k-base-3.3.0.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.1 | AA01686 | hfr-base-3.3.1.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.1 | AA01688 | c12k-base-3.3.1.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.2 | Not | Not vulnerable |
| | vulnerable | |
|---------+------------+----------------------------|
| 3.4.x | Not | Not vulnerable |
| | vulnerable | |
+---------------------------------------------------+
Cisco NX-OS
+----------
The following table lists fixed Cisco NX-OS software.
+----------------------------------------+
| Affected | Affected | First Fixed |
| Product | Release | Release |
|-----------+-----------+----------------|
| Cisco | | 4.0.(2) |
| NX-OS | 4.0.(1)a | Available June |
| | | 2008 |
+----------------------------------------+
Cisco ACE Products
+-----------------
The following table lists fixed Cisco Application Control Engine
(ACE) software.
+---------------------------------------+
| Affected | Affected | First |
| Product | Release | Fixed |
| | | Release |
|----------------+----------+-----------|
| | 3.0(0)A1 | |
| Cisco | (6.x) | |
| Application | | A2(1.1) |
| Control Engine | A2(1.0) | |
| (ACE) Module | | |
| | A2(1.0a) | |
|----------------+----------+-----------|
| | A1(7.0) | |
| | | |
| Cisco | A1(7.0a) | |
| Application | | |
| Control Engine | A1(7.0b) | A1(8.0a) |
| (ACE) | | |
| Appliance | A1(7.0c) | |
| | | |
| | A1(8.0) | |
|----------------+----------+-----------|
| Cisco | 4.x | |
| Application | | 6.0.1 |
| Control Engine | 5.x | Available |
| (ACE) XML | | June 2008 |
| Gateway | 6.0 | |
+---------------------------------------+
Cisco MDS software
+-----------------
The following table lists fixed Cisco MDS Multilayer Switch software.
+---------------------------------------+
| Affected | Affected | First Fixed |
| Product | Release | Release |
|-----------+-----------+---------------|
| | 2.1 | |
| Cisco MDS | | 3.4.1 |
| 9000 | 3.0 | Available |
| | | June 2008 |
| | 3.2 | |
+---------------------------------------+
Workarounds
===========
The following workarounds have been identified for these
vulnerabilities.
Infrastructure Access Control Lists
+----------------------------------
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure Access Control Lists (iACLs)
are a network security best practice and should be considered as a
long-term addition to good network security as well as a workaround
for these specific vulnerabilities. The iACL example below should be
included as part of the deployed infrastructure access-list which
will protect all devices with IP addresses in the infrastructure IP
address range:
Note: UDP port 161 is applicable for all versions of SNMP.
!--- Permit SNMP UDP 161 packets from
!--- trusted hosts destined to infrastructure addresses.
access-list 150 permit udp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK eq 161
!--- Deny SNMP UDP 161 packets from all
!--- other sources destined to infrastructure addresses.
access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES MASK eq 161
!--- Permit/deny all other Layer 3 and Layer 4 traffic in accordance
!--- with existing security policies and configurations
!--- Permit all other traffic to transit the device.
access-list 150 permit ip any anyinterface serial 2/0ip access-group 150 in
The white paper entitled "Protecting Your Core: Infrastructure
Protection Access Control Lists" presents guidelines and recommended
deployment techniques for infrastructure protection access lists.
This white paper can be obtained at the following link:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml
Control Plane Policing
+---------------------
Control Plane Policing (CoPP) can be used to block untrusted SNMP
access to the device. Cisco IOS software releases 12.0S, 12.2SX,
12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be
configured on a device to protect the management and control planes
and minimize the risk and effectiveness of direct infrastructure
attacks by explicitly permitting only authorized traffic that is sent
to infrastructure devices in accordance with existing security
policies and configurations. The following example, which uses
192.168.100.1 to represent a trusted host, can be adapted to your
network.
!--- Deny SNMP UDP traffic from trusted hosts to all IP addresses
!--- configured on all interfaces of the affected device so that
!--- it will be allowed by the CoPP feature
access-list 111 deny udp host 192.168.100.1 any eq 161
!--- Permit all other SNMP UDP traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so that it
!--- will be policed and dropped by the CoPP feature
access-list 111 permit udp any any eq 161
!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!--- traffic in accordance with existing security policies and
!--- configurations for traffic that is authorized to be sent
!--- to infrastructure devices
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature
class-map match-all drop-snmpv3-class
match access-group 111
!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
policy-map drop-snmpv3-traffic
class drop-snmpv3-class
drop
!--- Apply the Policy-Map to the
!--- Control-Plane of the device
control-plane
service-policy input drop-snmpv3-traffic
In the above CoPP example, the access control list entries (ACEs)
that match the potential exploit packets with the "permit" action
result in these packets being discarded by the policy-map "drop"
function, while packets that match the "deny" action (not shown) are
not affected by the policy-map drop function.
Please note that the policy-map syntax is different in the 12.2S and
12.0S Cisco IOS trains:
policy-map drop-snmpv3-traffic
class drop-snmpv3-class
police 32000 1500 1500 conform-action drop exceed-action drop
Additional information on the configuration and use of the CoPP
feature is available at the following links:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html
and
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html
Transit Access Control Lists
+---------------------------
Filters that deny SNMP packets using UDP port 161 should be deployed
throughout the network as part of a Transit Access Control List
(tACL) policy for protection of traffic that enters the network at
ingress access points. This policy should be configured to protect
the network device where the filter is applied and other devices
behind it. Filters for SNMP packets that use UDP port 161 should also
be deployed in front of vulnerable network devices so that traffic is
only allowed from trusted clients.
Additional information about tACLs is available in "Transit Access
Control Lists: Filtering at Your Edge:"
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Hardening Guide Statement
+------------------------
Customers are advised to review the "Fortifying the Simple Network
Management Protocol" section of the "Cisco Guide to Harden Cisco IOS
Devices" for information on configuring an IOS device for SNMPv3
authentication and privacy:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#fortify
Cisco IOS authPriv Configuration
+-------------------------------
Enabling the SNMPv3 privacy subsystem (if it is not already in use)
is a short-term workaround for users who are unable to upgrade in a
timely fashion. This subsystem is used to encrypt SNMPv3 traffic
using a shared secret.
In Cisco IOS, administrators can enable this workaround by using the
authPriv SNMPv3 feature. Only Cisco IOS crypto images can run the
authPriv feature.
Note: Ensure that the management application supports SNMPv3
authPriv before implementing this feature.
Applied Mitigation Bulletin
+--------------------------
Additional mitigation techniques that can be deployed on Cisco devices
within the network are available in the Cisco Applied Intelligence
companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080610-SNMPv3.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound by
the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
Cisco is releasing this combined Cisco IOS and non-IOS product
advisory out of our normal bi-yearly IOS security advisory cycle due
to public disclosure of these vulnerabilities.
Cisco is not aware of any malicious exploitation of these
vulnerabilities.
These vulnerabilities were reported to Cisco by Dr. Tom Dunigan of
the University of Tennessee and Net-SNMP in cooperation with the CERT
Coordination Center.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2008-June-10 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
- ---------------------------------------------------------------------
Updated: Jun 10, 2008 Document ID: 107408
- ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFITruJ86n/Gc8U/uARAiuNAJwIq42/p8CUh7Dc88nAn9a1pfhhqgCfWXjv
8bYhCD0EKNQ28koObq4S+vQ=
=zOBL
-----END PGP SIGNATURE-----
. Summary
Updated ESX packages for libxml2, ucd-snmp, libtiff.
2. Relevant releases
ESX 3.0.3 without patch ESX303-200810503-SG
ESX 3.0.2 without patch ESX-1006968
ESX 2.5.5 before Upgrade Patch 10
ESX 2.5.4 before Upgrade Patch 21
NOTE: Extended support (Security and Bug fixes) for ESX 3.0.2 ended
on 2008-10-29. Extended support (Security and Bug fixes) for
ESX 2.5.4 ended on 2008-10-08.
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users
should plan to upgrade to ESX 3.0.3 and preferably to the newest
release available.
3. Problem Description
a. Updated ESX Service Console package libxml2
A denial of service flaw was found in the way libxml2 processes
certain content. If an application that is linked against
libxml2 processes malformed XML content, the XML content might
cause the application to stop responding.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200810503-SG
ESX 3.0.2 ESX ESX-1006968
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 10 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 21
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. An attacker could use
this flaw to spoof an authenticated SNMPv3 packet.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 10 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 21
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Updated third party library libtiff
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker
could create a carefully crafted LZW-encoded TIFF file that would
cause an application linked with libtiff to crash or, possibly,
execute arbitrary code.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 10 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 21
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX
---
ESX 3.0.3 patch ESX303-200810503-SG
http://download3.vmware.com/software/vi/ESX303-200810503-SG.zip
md5sum: e687313e58377be41f6e6b767dfbf268
http://kb.vmware.com/kb/1006971
ESX 3.0.2 patch ESX-1006968
http://download3.vmware.com/software/vi/ESX-1006968.tgz
md5sum: fc9e30cff6f03a209e6a275254fa6719
http://kb.vmware.com/kb/1006968
VMware ESX 2.5.5 Upgrade Patch 10
http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz
md5sum: 2ee87cdd70b1ba84751e24c0bd8b4621
http://vmware.com/support/esx25/doc/esx-255-200810-patch.html
VMware ESX 2.5.4 Upgrade Patch 21
http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz
md5sum: d791be525c604c852a03dd7df0eabf35
http://vmware.com/support/esx25/doc/esx-254-200810-patch.html
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
- ------------------------------------------------------------------------
6. Change log
2008-10-31 VMSA-2008-0017
Initial security advisory after release of ESX 3.0.3, ESX 3.0.2, ESX
2.5.5 and ESX 2.5.4 patches on 2008-10-30.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
The authentication code reads the length to be checked from sender input,
this allows the sender to supply single byte HMAC code and have a 1 in 256
chance of matching the correct HMAC and authenticating, as only the first
byte will be checked. The sender would need to know a valid username.
Currently Net-SNMP and UCD-SNMP are known to be vulnerable, other SNMP
implementations may also be affected. The eCos project includes code derived
from UCD-SNMP and is therefore also affected.
Affected version:
Net-SNMP <= 5.4.1, <= 5.3.2, <= 5.2.4
UCD-SNMP, all versions
eCos, all versions
Fixed version:
Net-SNMP >= 5.4.1.1, >= 5.3.2.1, >= 5.2.4.1
UCD-SNMP, N/A
eCos, N/A
Credit: this issue was reported by CERT/CC, it is tracked as VU#878044.
CVE: CVE-2008-0960
Timeline:
2008-06-05: CERT/CC reports VU#878044 to oCERT requesting joint coordination
2008-06-05: contacted affected vendors
2008-06-06: added eCos to affected packages
2008-06-09: patched net-snmp packages released
2008-06-09: advisory release
References:
http://sourceforge.net/forum/forum.php?forum_id=833770
http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
http://www.kb.cert.org/vuls/id/878044
Links:
http://www.net-snmp.org
http://www.ece.ucdavis.edu/ucd-snmp
http://ecos.sourceware.org
Permalink:
http://www.ocert.org/advisories/ocert-2008-006.html
--
Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<lcars@ocert.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Net-SNMP: Multiple vulnerabilities
Date: August 06, 2008
Bugs: #222265, #225105
ID: 200808-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Net-SNMP allow for authentication bypass in
snmpd and execution of arbitrary code in Perl applications using
Net-SMNP.
Background
==========
Net-SNMP is a collection of tools for generating and retrieving SNMP
data.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/net-snmp < 5.4.1.1 >= 5.4.1.1
Description
===========
Wes Hardaker reported that the SNMPv3 HMAC verification relies on the
client to specify the HMAC length (CVE-2008-0960). John Kortink
reported a buffer overflow in the Perl bindings of Net-SNMP when
processing the OCTETSTRING in an attribute value pair (AVP) received by
an SNMP agent (CVE-2008-2292).
Impact
======
An attacker could send SNMPv3 packets to an instance of snmpd providing
a valid user name and an HMAC length value of 1, and easily conduct
brute-force attacks to bypass SNMP authentication. An attacker could
further entice a user to connect to a malicious SNMP agent with an SNMP
client using the Perl bindings, possibly resulting in the execution of
arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Net-SNMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1.1"
References
==========
[ 1 ] CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
[ 2 ] CVE-2008-2292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200808-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
CVE-2008-4309
It was reported that an integer overflow in the
netsnmp_create_subtree_cache function in agent/snmp_agent.c allows
remote attackers to cause a denial of service attack via a crafted
SNMP GETBULK request.
For the stable distribution (etch), these problems has been fixed in
version 5.2.3-7etch4.
For the testing distribution (lenny) and unstable distribution (sid)
these problems have been fixed in version 5.4.1~dfsg-11.
We recommend that you upgrade your net-snmp package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz
Size/MD5 checksum: 94030 2ccd6191c3212980956c30de392825ec
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc
Size/MD5 checksum: 1046 8018cc23033178515298d5583a74f9ff
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
Size/MD5 checksum: 4006389 ba4bc583413f90618228d0f196da8181
Architecture independent packages:
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb
Size/MD5 checksum: 1214368 d579d8f28f3d704b6c09b2b480425086
http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb
Size/MD5 checksum: 855594 b5ccd827adbcefcca3557fa9ae28cc08
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 2169470 265835564ef2b0e2e86a08000461c53b
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 944098 5b903886ee4740842715797e3231602c
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 1901802 5486eb1f2a5b076e5342b1dd9cbb12e2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 933202 e3210ba1641079e0c3aaf4a50e89aedd
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 835584 b14db8c5e5b5e2d34799952975f903fb
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 932008 fc79672bf64eaabd41ed1c2f4a42c7da
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 1890766 ae3832515a97a79b31e0e7f0316356ee
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 835088 62867e9ba9dfca3c7e8ae575d5a478f5
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 918844 d2d1bc5f555bc9dba153e2a9a964ffbf
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 1557924 5c2a33a015dd44708a9cc7602ca2525c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 909974 4c1cef835efc0b7ff3fea54a618eabee
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 835284 3ac835d926481c9e0f589b578455ddee
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 928252 b98e98b58c61be02e477185293427d5c
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 1344158 78b6cf6b2974983e8e3670468da73cd1
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 835940 9eeaf116e386dd7733ab2106c662dfa9
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 1809132 78bb5f1c12b004d32fa265e6bd99ffa1
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 1926116 71c7f3095ffe1bb22e84ade21f32b3a4
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 935434 85deac8531b02a0fdf3c9baa21d8e4bd
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 935640 958cb158264f75772864cd5d5c0bf251
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 1423294 f05c7491a8100684c5085588738f05b5
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 833970 cb705c9fe9418cc9348ac935ea7b0ba2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 920070 3df41a0c99c41d1bccf6801011cf8ed5
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 925914 159b4244ef701edbe0fb8c9685b5b477
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 1838900 3b7ac7b8fe0da1a3909ee56aba46d464
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 2205680 6868a56b1db04627e6921bf7237939a2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 970440 783f0cccabfbcc63590730b3803d164d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 2281114 fd04b505755a3aed0fe4c9baaac84500
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 842690 9f9ca89c3d3ba7c46481e9cd39c242a6
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 962854 c8a32f808d719357a5b6350e2b60794e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 895414 5dd919d188291cb3727d39b5e06c9e26
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 927342 28c245db4d8ea82ba4075b27d674d72a
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 833182 0e0b21e13d77de82bed7a38d30f65e4b
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 1769524 24bdc73a3d20c4046c7741957442c713
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 1717562 977ae5c34a127d32d8f2bf222de9a431
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 1755032 cab5c112911465a9ce23a0d2ea44ded9
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 926616 2bf14a3fe74d9f2a523aacc8b04f5282
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 895194 b7c9ed37bf83ad92371f5472ac5d917b
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 833098 08b63ba6c3becf25ba2f941a532a7b71
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 1720642 1ff7568eb478edee923edb76cf42e9ac
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 941434 bbac9384bd7f88339e2b86fa665208c1
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 835212 4790d79f8de7f1bee7aabf0473f25268
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 1657890 b91fcf52e80c7196cea0c13df9ac79ef
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 1803262 4d298c9509941390c7b2eb68320ad211
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 928170 b17966a6a61313344ac827b58f32eeef
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 1409718 2a128cbdce2522ef49604255cff41af2
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 931452 d3bb7c3a849cd2b35fa6e4acb19c318d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 1834914 67e5b946df18b06b41b3e108d5ddc4e3
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 836102 7a4b85e8ea0e50d7213997b5f7d6309f
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 903864 3f80e78e4e2672aacf3da0690ff24b79
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 925336 5824ea607689f3f1bd62a9e6e28f95ae
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 1548630 1378d1cf730d3026bc1f01a4ab2ccedb
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 918592 28a086f6aa2ee8d510b38c1a177843fc
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 834186 068cbf2b4774ecf9504b820db26e6f1d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 1782014 d39fae5fe0d1397a2a1bd7397d6e850a
These files will probably be moved into the stable distribution on
its next update.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: net-snmp
Announcement ID: SUSE-SA:2008:039
Date: Fri, 01 Aug 2008 13:00:00 +0000
Affected Products: openSUSE 10.2
openSUSE 10.3
openSUSE 11.0
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SLE SDK 10 SP2
SUSE Linux Enterprise Server 10 SP1
SUSE Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise Server 10 SP2
Vulnerability Type: authentication bypass, denial-of-service
Severity (1-10): 6
SUSE Default Package: no
Cross-References: CVE-2008-0960
CVE-2008-2292
Content of This Advisory:
1) Security Vulnerability Resolved:
- authentication bypass
- denial-of-service
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- viewvc/subversion
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The net-snmp daemon implements the "simple network management protocol".
The version 3 of SNMP as implemented in net-snmp uses the length of the
HMAC in a packet to verify against a local HMAC for authentication.
An attacker can therefore send a SNMPv3 packet with a one byte HMAC and
guess the correct first byte of the local HMAC with 256 packets (max).
Additionally a buffer overflow in perl-snmp was fixed that can cause a
denial-of-service/crash.
2) Solution or Work-Around
Please install the update package.
3) Special Instructions and Notes
Please restart net-snmp after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/libsnmp15-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/net-snmp-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/net-snmp-devel-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/perl-SNMP-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/snmp-mibs-5.4.1-77.2.i586.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/libsnmp15-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/net-snmp-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/net-snmp-devel-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/perl-SNMP-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/snmp-mibs-5.4.1-19.2.i586.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/net-snmp-5.4.rc2-8.i586.rpm
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/net-snmp-devel-5.4.rc2-8.i586.rpm
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/perl-SNMP-5.4.rc2-8.i586.rpm
x86-64 Platform:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/net-snmp-32bit-5.4.1-77.2.x86_64.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/net-snmp-32bit-5.4.1-19.2.x86_64.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/net-snmp-32bit-5.4.rc2-8.x86_64.rpm
Sources:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/net-snmp-5.4.1-77.2.src.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/net-snmp-5.4.1-19.2.src.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/net-snmp-5.4.rc2-8.src.rpm
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Open Enterprise Server
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
Novell Linux POS 9
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
Novell Linux Desktop 9
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Server 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Server 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SLE SDK 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SLE SDK 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Desktop 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Desktop 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE SLES 9
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- viewvc/subversion
This update of subversion fixes multiple vulnerabilities.
- CVE-2008-1290: list CVS or SVN commits on "all-forbidden" files
- CVE-2008-1291: directly access hidden CVSROOT folders
- CVE-2008-1292: expose restricted content via the revision view,
the log history, or the diff view
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@opensuse.org>.
opensuse-security-announce@opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe@opensuse.org>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ===========================================================
Ubuntu Security Notice USN-685-1 December 03, 2008
net-snmp vulnerabilities
CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libsnmp-perl 5.2.1.2-4ubuntu2.3
libsnmp9 5.2.1.2-4ubuntu2.3
Ubuntu 7.10:
libsnmp-perl 5.3.1-6ubuntu2.2
libsnmp10 5.3.1-6ubuntu2.2
Ubuntu 8.04 LTS:
libsnmp-perl 5.4.1~dfsg-4ubuntu4.2
libsnmp15 5.4.1~dfsg-4ubuntu4.2
Ubuntu 8.10:
libsnmp15 5.4.1~dfsg-7.1ubuntu6.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Wes Hardaker discovered that the SNMP service did not correctly validate
HMAC authentication requests. An unauthenticated remote attacker
could send specially crafted SNMPv3 traffic with a valid username
and gain access to the user's views without a valid authentication
passphrase. (CVE-2008-0960)
John Kortink discovered that the Net-SNMP Perl module did not correctly
check the size of returned values. If a user or automated system were
tricked into querying a malicious SNMP server, the application using
the Perl module could be made to crash, leading to a denial of service.
This did not affect Ubuntu 8.10. (CVE-2008-2292)
It was discovered that the SNMP service did not correctly handle large
GETBULK requests. (CVE-2008-4309)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.diff.gz
Size/MD5: 75402 9655d984a47cec8e27efa4db0b227870
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.dsc
Size/MD5: 838 17a17230a005c1acfd0569757e728fad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz
Size/MD5: 3869893 34159770a7fe418d99fdd416a75358b1
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 1152306 f7647cee4df8db87ab48c0d05635a973
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 822946 b9b852c188937d1fffc06d4da01325d5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 896620 a78012b3f0f13667081f97dc1a4d62e8
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1497194 7d55b8d1e4ae0c45753bedcf536a1a5a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1826252 0550c1401f9bbe5f345fd96484ed369c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 889330 5ad0ddb2c610973166e4dd07769ba3d3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 797086 18cf4210342b683d3ee24fe995329b55
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 896880 298d27ea1ece6e80bb8931b9a5e61961
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1268472 acbca43ab7ea747fa3e4636d15ef997c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1710342 bd27290685bcf1d6a23eb8705d3367e7
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 881838 58121bd9e4c845da7df4e540645e0e13
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 794672 221d1c554bd89f50dc3ac9108a6cef6b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 913064 45a033b01c4b31ef90a92988bb5fb229
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1590124 b62aa5477d9307d311c811298b7ec3d9
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1728094 5214ce9aebe3a8d7a28a1746a81ce8ea
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 898580 86e6c1b5dfb5bf91f63d7c6786b7abae
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 796092 1bab28407224f782b2c3ae04b4647333
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 896832 3d233db9682d5654fdad6bc6b5a649ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1485268 064304ead0ca4653136376e8e9039e74
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1706490 cb76027eb8167e0866a81b93a4da28ed
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 883182 d1ffc12427d92be51efdba3349e74f9a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 796374 0f3f749ebe4af6111fe49316639004e4
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.diff.gz
Size/MD5: 94646 8b6f9380d9f8c5514a1d4db729c6df04
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.dsc
Size/MD5: 1287 f53866efd3ae4f3c939a77b1005e1f11
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1.orig.tar.gz
Size/MD5: 4210843 360a9783dbc853bab6bda90d961daee5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 484306 f2d03276d1cdcef7e8b276ad8ca9595d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 901284 6889b371d4de92eb61bf83b89d8a8c37
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 2541692 1e6de4bd3c3baa444a2e1980a593a40e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 968940 7efe4bdcb99f311f1c4bb2c3b9d24a4e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 1200930 821861c24499cfdfa2a82c329c610c16
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 996572 00cc1a4c8c7924124984e666563e73d0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 908792 a40763280a3bdbe60eca5e07c5d6c30c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 2321524 59d44616802197e1227cf88abddefe36
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 967106 a6e5b308d889bdf6f5abe454e35ba474
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 1124462 ec99daa26d0fafba6e9f0b874a23bf3d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 991956 cb20b6a4d68a858ffa0846431169d411
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 907546 1ab5119e23a16e99203c113d49fc2723
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 2305548 da57690a3327196e0c3684735be23f2e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 968984 8da336a5fd871be10e6b8d66d3b9c9d3
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 1074500 e4d6690a6a6a543fc0244a29cd350c9b
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 989566 2d2f4b1662e6a2dffafe8e98f00a15e7
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 907596 4274e006754ebc836132166e0f0429a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 2641202 9b2ec56463ee715752b780aa332d8cd0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 985722 a2fca8426b7b51e98c39b91a468bf71f
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1154496 6073239f7ffead2a5b9c3357ada1602c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1018596 af12cc55597a0d2d3a92b4b5d683bb14
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 911866 57e2246930e712bdc1b039840d43af48
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 2527568 19b1a0971259a9b99f9c0386f5935bfc
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 970264 d8ae7f0bb10375ad487b14ba031cd013
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 1078842 2401fc4c40352b8c8013e8c5de3b0ecd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 995228 16b230d3c718d8eb4a023126bd09d7f5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 908708 1e410a8ddac41ad9faec901c5a638f29
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.diff.gz
Size/MD5: 78642 b4acf50e47be498e579b934f32081d25
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.dsc
Size/MD5: 1447 0abcea5df87851df2aae7ebd1fc00e7a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 526864 f3a131bf5a4f5c547573430cb66d410c
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 102072 2f276f50efdb7e34f7e61f132f7f7cd7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1796950 283c5a95206ab74062e0e30eba4e0890
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 142522 9fff294368a7eac39e37fa478ac6609d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1296694 d0646a1543c51f14a93b40f972bc1569
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 163178 0378a25e3b2a0bc80ddb8ec720b5557d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 75960 fcba461f2e2376cad515329791e04a17
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 38512 21d9ecbc86a8e5965047d027e94fd324
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1556806 39e4f63b841c4b36c022017d66c12f58
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 179478 5f08596ae997792920e238ff8cd2a7ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1098794 38bc61a5b403fb4f626a641a5f13e681
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 157954 66e38c37639f3c68e7e4a933fa953ff3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 74116 50b3a4d0cfd38585d2711d30cf725e9d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 75038 98cdeec4b1014568b00107a82fc74418
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1552018 d9dcab084f3b9bf3e8c36cb5db8f141e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 141508 96061180809cccc975e0d7079e07ed3e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1171530 2d91048fe0a2ac9e3a4fddb84c67513e
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 155564 c67ba3aeb2535ee3e7fc4c89e90ba36a
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 74274 db05202893f516398bbe4e2153ef2d6e
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 35552 a75caf212ffb5a0eafe4ba2656c9aae1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1874428 0ed8b5f4e6bad74d506d73447de00bd2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 158374 dfcd7c4455b4bbd3f746368058d09a59
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1238226 b5b3a81e956cdb14674d571694d1b6d0
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 185314 5e9d8bd56493f75ae8a8691c530aa420
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 83106 75dea32ec7152b7868fabf09d9d5a198
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 42928 214fe703fced2e387b48b51dcbb1d6b7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1760062 ade4c08289d947d092a5b2ab06517cc7
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 143860 62b7260d618531b0ed5e7871ab7b99a9
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1159702 28ea81660bbdd9d7982be58d225e8814
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 160236 196e493ce73905446a3764e73b99f332
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 75518 f24e4b0e3e4a7d97c28da99cdc0a47a5
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 38240 873f5e820e381ec2254ed520bcd09af0
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.diff.gz
Size/MD5: 82260 85fb58aa81933f142bd937bca2e18341
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.dsc
Size/MD5: 1956 1ee06f6b731eae435af6a2d438ef909b
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 527650 9c56f3d70018b714895a61c0daba9498
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 103060 108eb50387ca46b4ee38ebb8722ced88
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1815638 82385081fe2d4eeb1a6c94f9dae672ad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 146154 1b6249e02e89213f2f4d2aa9c9123420
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1315628 8443e091f2c63485a422236ad23e55cd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 165522 154a05824b98e041ceac60ac83709ef4
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 77914 8d6e328f309e78bf1fcf21c2633d82ec
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 39930 6b7a1a67ca63b5c843ce66f3547b3c89
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1569568 dd0599b150eccee9889325d17a7b0769
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 184264 52a54aebef81648164a5bc90f27b0cc5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1119072 10c81fe283b25e7ad31fcfd88a2325f0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 156112 6296f0836bc9797ff48810c79965c3a5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 74476 bd96a6915eb97fed083aac4daa5f07cf
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 77652 3e30e51c362dfa982a3b3197be081328
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1557614 065f4575c7a2d257fa6b5b9d0cee454f
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 144292 b55f2c4aff8a86499d7f38fd6e773f44
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1184272 84116fefdce279ce338ffc9614384c06
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 154444 ffe9e765a01695355bdb58008a2910f5
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 73746 762e75672fbd395d2d159513f5d572b0
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 36530 0a98b51b94a5f75d4131d657aa766579
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1884632 a3ad023841ee605efa1e055712b44d9a
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 161074 5586adea8200d2d5bf81f288b5bf7be2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1249636 48ec688499fea1dc0ccb3091c0158fb8
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 181952 8ef5f6b9b6c6b8e4fcd5cb37147304a2
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 81802 965218126fb5a49cfcd9e20afeb49782
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 43048 09f2f9ed9f519ca5723411802e46d48b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1759316 46455cc355c1b808243eada0f134d00b
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 145164 2cdb5b35db853c7c184a44022fc23cd8
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1159834 cfff424e5bff38bb3ef9419f03465388
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 163042 354f7a5423a34c411c5f8620c66d3e58
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 76994 ca11bcf9a411f618e35e1d6b6ab8c8f9
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 38526 172493ec5df1866e2633e074c7f38775
. OpenSSL Binaries Updated
This fix updates the third party OpenSSL library. net-snmp Security update
This fix upgrades the service console rpm for net-snmp to version
net-snmp-5.0.9-2.30E.24. perl Security update
This fix upgrades the service console rpm for perl to version
perl-5.8.0-98.EL3.
ESX
---
ESX 3.0.3 build 104629
ESX Server 3.0.3 CD image
md5sum: c2cda9242c6981c7eba1004e8fc5626d
Upgrade package from ESX Server 2.x to ESX Server 3.0.3
md5sum: 0ad8fa4707915139d8b2343afebeb92b
Upgrade package from earlier releases of ESX Server 3 to ESX Server
3.0.3
md5sum: ff7f3dc12d34b474b231212bdf314113
release notes:
http://www.vmware.com/support/vi3/doc/releasenotes_esx303.html
5.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
8db66ef5a5468d3fd72a47855230a28e 2007.1/i586/libnet-snmp10-5.3.1-3.2mdv2007.1.i586.rpm
c951b17138ef11828b2ccf031d4cddaf 2007.1/i586/libnet-snmp10-devel-5.3.1-3.2mdv2007.1.i586.rpm
536a87919f32fac81964d0a907bf08fe 2007.1/i586/libnet-snmp10-static-devel-5.3.1-3.2mdv2007.1.i586.rpm
39e33947c21666dac5dbe5cfe103b26d 2007.1/i586/net-snmp-5.3.1-3.2mdv2007.1.i586.rpm
1eed5ebaff8f6f83befbf8d831900073 2007.1/i586/net-snmp-mibs-5.3.1-3.2mdv2007.1.i586.rpm
874db03c69584025e4d91049072d3c4e 2007.1/i586/net-snmp-trapd-5.3.1-3.2mdv2007.1.i586.rpm
11af93c879d8cd9353b7cb1826900222 2007.1/i586/net-snmp-utils-5.3.1-3.2mdv2007.1.i586.rpm
2c9e819eeb5fd472f6a0fe338d86182b 2007.1/i586/perl-NetSNMP-5.3.1-3.2mdv2007.1.i586.rpm
7a0806202ff8f3d838fa7958b636a449 2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
aa27de502ce22110fd745c0b847b79d9 2007.1/x86_64/lib64net-snmp10-5.3.1-3.2mdv2007.1.x86_64.rpm
1843dd154c443cca9ae977e502221d6d 2007.1/x86_64/lib64net-snmp10-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
838bd7820d446bd947bc46e090b38066 2007.1/x86_64/lib64net-snmp10-static-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
e659d3df04816330c7bf45008f66bc27 2007.1/x86_64/net-snmp-5.3.1-3.2mdv2007.1.x86_64.rpm
756d5606a1039d20a7512b0a109d53bb 2007.1/x86_64/net-snmp-mibs-5.3.1-3.2mdv2007.1.x86_64.rpm
8ad36943e07362865f3a48c99914e48c 2007.1/x86_64/net-snmp-trapd-5.3.1-3.2mdv2007.1.x86_64.rpm
483140c06017507127d12357c3ed2b41 2007.1/x86_64/net-snmp-utils-5.3.1-3.2mdv2007.1.x86_64.rpm
e2bb901815ffa1ca5b0a16bc1363f84f 2007.1/x86_64/perl-NetSNMP-5.3.1-3.2mdv2007.1.x86_64.rpm
7a0806202ff8f3d838fa7958b636a449 2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm
Mandriva Linux 2008.0:
8de3c4975620db2b2c2697d6f9deb79b 2008.0/i586/libnet-snmp15-5.4.1-1.1mdv2008.0.i586.rpm
b1991c58d996f4be200fe141e28c5f7d 2008.0/i586/libnet-snmp-devel-5.4.1-1.1mdv2008.0.i586.rpm
03c54182cc7f97633f29ff0251a8c898 2008.0/i586/libnet-snmp-static-devel-5.4.1-1.1mdv2008.0.i586.rpm
1f792de19b7b38b56d68242958d5d800 2008.0/i586/net-snmp-5.4.1-1.1mdv2008.0.i586.rpm
e3362a641e232a6ecf0b8230f0e49ec8 2008.0/i586/net-snmp-mibs-5.4.1-1.1mdv2008.0.i586.rpm
bc6d8c10135ea64a4d512d80d04b1b39 2008.0/i586/net-snmp-trapd-5.4.1-1.1mdv2008.0.i586.rpm
8e7f28ee85fb48129eea57d11d391c8b 2008.0/i586/net-snmp-utils-5.4.1-1.1mdv2008.0.i586.rpm
beab129e378f61a6bf62d366a4d90639 2008.0/i586/perl-NetSNMP-5.4.1-1.1mdv2008.0.i586.rpm
3fce488df784163f19e6a55061d773ca 2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
82b570c9cb7e0662df4d7da730c131db 2008.0/x86_64/lib64net-snmp15-5.4.1-1.1mdv2008.0.x86_64.rpm
20b8a6e3fc8dd82fe5ecfdb337553938 2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
555688caa0eee850b3a5f835a5778849 2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
60d65f80aec29dcb6d4ceb4bb117a9bc 2008.0/x86_64/net-snmp-5.4.1-1.1mdv2008.0.x86_64.rpm
685c9dd25b585afc128de1b3c092e5d5 2008.0/x86_64/net-snmp-mibs-5.4.1-1.1mdv2008.0.x86_64.rpm
7bff860904572c092f737ac17940d5b2 2008.0/x86_64/net-snmp-trapd-5.4.1-1.1mdv2008.0.x86_64.rpm
e434686bddfb04f2a8bd01346517ecb4 2008.0/x86_64/net-snmp-utils-5.4.1-1.1mdv2008.0.x86_64.rpm
4fab6e498e1f05809db500ce895aad66 2008.0/x86_64/perl-NetSNMP-5.4.1-1.1mdv2008.0.x86_64.rpm
3fce488df784163f19e6a55061d773ca 2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
4bafceae1a29f6557b5aa884eca24ba0 2008.1/i586/libnet-snmp15-5.4.1-5.1mdv2008.1.i586.rpm
1eedbae5df7e503de1cba736129beaa1 2008.1/i586/libnet-snmp-devel-5.4.1-5.1mdv2008.1.i586.rpm
615a88847cbf1ce6eaf0029037a14b1b 2008.1/i586/libnet-snmp-static-devel-5.4.1-5.1mdv2008.1.i586.rpm
7323cb7d35eb67664d40ad73b413679d 2008.1/i586/net-snmp-5.4.1-5.1mdv2008.1.i586.rpm
d43ed96a806639a94af2a137c75e276e 2008.1/i586/net-snmp-mibs-5.4.1-5.1mdv2008.1.i586.rpm
7394b1361b43056b5eb99827771358cf 2008.1/i586/net-snmp-tkmib-5.4.1-5.1mdv2008.1.i586.rpm
8d6fd9308c2edbe8c020d2c33b3a841d 2008.1/i586/net-snmp-trapd-5.4.1-5.1mdv2008.1.i586.rpm
dc58047a02e1a222af20aa794ea8f447 2008.1/i586/net-snmp-utils-5.4.1-5.1mdv2008.1.i586.rpm
2ad9888cd61fc4952c1cee0c48f714b5 2008.1/i586/perl-NetSNMP-5.4.1-5.1mdv2008.1.i586.rpm
7a19c1f8d42052af6392b18b48bd965c 2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
618c241e0ecb57685646264c9bb083b4 2008.1/x86_64/lib64net-snmp15-5.4.1-5.1mdv2008.1.x86_64.rpm
bb0ebf49ee7cca29965aeb398f4725f6 2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
b4f29f00773291f6cc00784ed7cde470 2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
3039811b6682dc4009b32ff48a99eb2b 2008.1/x86_64/net-snmp-5.4.1-5.1mdv2008.1.x86_64.rpm
fab09178635501eb5d6a82eb7bd532a3 2008.1/x86_64/net-snmp-mibs-5.4.1-5.1mdv2008.1.x86_64.rpm
da29d4c7edaa15d95f8bee98dbfab025 2008.1/x86_64/net-snmp-tkmib-5.4.1-5.1mdv2008.1.x86_64.rpm
d9aad834d82d310c64f6f21e17a55920 2008.1/x86_64/net-snmp-trapd-5.4.1-5.1mdv2008.1.x86_64.rpm
7a7c871bd87dc91c16b046ac115cda70 2008.1/x86_64/net-snmp-utils-5.4.1-5.1mdv2008.1.x86_64.rpm
d102ea2af0fcaaebd98defda72bcfc91 2008.1/x86_64/perl-NetSNMP-5.4.1-5.1mdv2008.1.x86_64.rpm
7a19c1f8d42052af6392b18b48bd965c 2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm
Corporate 3.0:
335af3930865c8eb44ef436cad5fb373 corporate/3.0/i586/libnet-snmp5-5.1-7.4.C30mdk.i586.rpm
b8e1d307ee6fa3905d292077fc063318 corporate/3.0/i586/libnet-snmp5-devel-5.1-7.4.C30mdk.i586.rpm
a668cc4de411865567d1a93f34cee1e3 corporate/3.0/i586/libnet-snmp5-static-devel-5.1-7.4.C30mdk.i586.rpm
d8c0d342b03e5719443d2de06c631bd5 corporate/3.0/i586/libsnmp0-4.2.3-8.2.C30mdk.i586.rpm
6bbe3bb2502ce3c974f7b5737331bb4d corporate/3.0/i586/libsnmp0-devel-4.2.3-8.2.C30mdk.i586.rpm
daca10f2e578f75c1e7415d78ed30265 corporate/3.0/i586/net-snmp-5.1-7.4.C30mdk.i586.rpm
1630ebd75201e1bc3956b12a26282f92 corporate/3.0/i586/net-snmp-mibs-5.1-7.4.C30mdk.i586.rpm
5a4f483c877a6278088a265cb3273d61 corporate/3.0/i586/net-snmp-trapd-5.1-7.4.C30mdk.i586.rpm
316d866de7fa7cd984d58f5cb742f5e3 corporate/3.0/i586/net-snmp-utils-5.1-7.4.C30mdk.i586.rpm
e3d4197517565f12e2c3a8fd1cc5d2e7 corporate/3.0/i586/ucd-snmp-4.2.3-8.2.C30mdk.i586.rpm
17e8d856fd1dac18552818a842105c88 corporate/3.0/i586/ucd-snmp-utils-4.2.3-8.2.C30mdk.i586.rpm
ccaa4d311ad0e5d119e17b1f1876c7e2 corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
53e16d2069cffb7e7d1e7a324192d5c2 corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
b31f277942fca76d953007c94a60cae2 corporate/3.0/x86_64/lib64net-snmp5-5.1-7.4.C30mdk.x86_64.rpm
e4a3fba10ccdd805dc8783ae68c99a42 corporate/3.0/x86_64/lib64net-snmp5-devel-5.1-7.4.C30mdk.x86_64.rpm
530a94cc87af0e4d6e9f3815473c0dd4 corporate/3.0/x86_64/lib64net-snmp5-static-devel-5.1-7.4.C30mdk.x86_64.rpm
f246ca421b5d16c599d53f70e4b97660 corporate/3.0/x86_64/lib64snmp0-4.2.3-8.2.C30mdk.x86_64.rpm
b943e07726a2fecb016ef4ba626906d8 corporate/3.0/x86_64/lib64snmp0-devel-4.2.3-8.2.C30mdk.x86_64.rpm
22822876f72e35cf6d1ed027df93e74a corporate/3.0/x86_64/net-snmp-5.1-7.4.C30mdk.x86_64.rpm
e7e51782b9bbd1e1bdf93c17fb953280 corporate/3.0/x86_64/net-snmp-mibs-5.1-7.4.C30mdk.x86_64.rpm
e67a9105f9492c020693d48ce55652ea corporate/3.0/x86_64/net-snmp-trapd-5.1-7.4.C30mdk.x86_64.rpm
171a17e507b2dfdb9c70c0089e582221 corporate/3.0/x86_64/net-snmp-utils-5.1-7.4.C30mdk.x86_64.rpm
96886146d21175b076e92d59e96f5016 corporate/3.0/x86_64/ucd-snmp-4.2.3-8.2.C30mdk.x86_64.rpm
1b6ee4c253f15be516a1928a4f791f15 corporate/3.0/x86_64/ucd-snmp-utils-4.2.3-8.2.C30mdk.x86_64.rpm
ccaa4d311ad0e5d119e17b1f1876c7e2 corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
53e16d2069cffb7e7d1e7a324192d5c2 corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm
Corporate 4.0:
6cbe9d76db3b05c2435bcbc5cf16c898 corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.2.20060mlcs4.i586.rpm
586a55cfde45020d5ea0ebf5f2d6c840 corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
d992d8300cf0639942a179349d592e15 corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
03a49b848c376b705dcfcef0ec817daf corporate/4.0/i586/net-snmp-5.2.1.2-5.2.20060mlcs4.i586.rpm
22b9d01b3b7a8a34ed3e1a5a435286a8 corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.i586.rpm
dccc01a94c1f29eac2875e6a935bf589 corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.i586.rpm
77f93230f96abce039b52ca5612eaa36 corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.i586.rpm
8a7209b70979c9d73035ff40cbd8dbb4 corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.i586.rpm
ac919459a8752cddfd441c085ca69117 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
f94c7e967973ba8aa12b5605251d6e78 corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
f332985986eff2d6c8a75b5c263dedb1 corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
82fc454916e75866370ee738292021c8 corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
ff0adeb23df57eb34869c7100df159da corporate/4.0/x86_64/net-snmp-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
72f2dc9cb1695999660a9ff9c97e4c47 corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
0f244551c87e051a8274e5050cf0bc2a corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
7c4e7fb304c77c6551a50495d338e84e corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
68d81ca4c173710ef43b36092df2a6ee corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
ac919459a8752cddfd441c085ca69117 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
f98286a301d580fe306917cf0169ef88 mnf/2.0/i586/libnet-snmp5-5.1-7.4.M20mdk.i586.rpm
3ba27516773b1dd933828207cecc7754 mnf/2.0/SRPMS/net-snmp-5.1-7.4.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
VAR-200705-0688 | CVE-2008-2364 | Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage.The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend Web servers. (DoS) Vulnerabilities exist.Denial of service due to response sent in large quantities by third parties (DoS) There is a possibility of being put into a state.
Attackers may exploit this issue to cause denial-of-service conditions.
Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-007.
The security update addresses a total of 11 new vulnerabilities that affect the ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, Script Editor, and Weblog components of Mac OS X. The advisory also contains security updates for 30 previously reported issues.
NOTE: This BID is being retired; the following individual records have been created to better document these issues:
31716 Apple Script Editor Unspecified Insecure Temporary File Creation Vulnerability
31718 Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability
31708 Apple Mac OS X 'hosts.equiv' Security Bypass Vulnerability
31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability
31711 Apple Mac OS X 'configd' EAPOLController Plugin Local Heap Based Buffer Overflow Vulnerability
31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability
31720 Apple Finder Denial of Service Vulnerability
31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability
31688 CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability
31722 Apple Mac OS X 10.5 'launchd' Unspecified Security Bypass Vulnerability.
A cross-site scripting vulnerability was found in the mod_proxy_ftp
module in Apache that allowed remote attackers to inject arbitrary
web script or HTML via wildcards in a pathname in an FTP URI
(CVE-2008-2939).
The updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
7ba0fa98b5e5f34f2c3bb5798f300736 2007.1/i586/apache-base-2.2.4-6.5mdv2007.1.i586.rpm
82dccbbcca45d5aba2c7a9afb615ffb7 2007.1/i586/apache-devel-2.2.4-6.5mdv2007.1.i586.rpm
43c50d9ad73f39e88acf35a48915f472 2007.1/i586/apache-htcacheclean-2.2.4-6.5mdv2007.1.i586.rpm
7e7821b41de94eba4e413c4218e72f05 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.i586.rpm
82b527ca5b90f4857ece74972c34bd2b 2007.1/i586/apache-mod_cache-2.2.4-6.5mdv2007.1.i586.rpm
4bc7f0488a4c8ea05446ea04611fa671 2007.1/i586/apache-mod_dav-2.2.4-6.5mdv2007.1.i586.rpm
fa53bb715a9733fc5f4ef8a18e8a1577 2007.1/i586/apache-mod_dbd-2.2.4-6.5mdv2007.1.i586.rpm
d9759e97fb29783b69ee4bebba96e9d8 2007.1/i586/apache-mod_deflate-2.2.4-6.5mdv2007.1.i586.rpm
9934937a1a7fb3ab277daac03a04fd6e 2007.1/i586/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.i586.rpm
4f16a0af444be1610749287944264d1b 2007.1/i586/apache-mod_file_cache-2.2.4-6.5mdv2007.1.i586.rpm
9b1fc5ab5579bde1fbfb9ae08b18d1ec 2007.1/i586/apache-mod_ldap-2.2.4-6.5mdv2007.1.i586.rpm
9a9029063f10dd3fa81ee4eed3fe5d51 2007.1/i586/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.i586.rpm
6930a06576c337ca7ecaab2a8cf4ca59 2007.1/i586/apache-mod_proxy-2.2.4-6.5mdv2007.1.i586.rpm
c7834d18c0999590abb42d3efad7a035 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.i586.rpm
641b5bc3988af4ee0f5600e2d34c1230 2007.1/i586/apache-mod_ssl-2.2.4-6.5mdv2007.1.i586.rpm
af9bada6d30145bfaa58be10eec6798b 2007.1/i586/apache-modules-2.2.4-6.5mdv2007.1.i586.rpm
796296888cfb7978fbca22764de10753 2007.1/i586/apache-mod_userdir-2.2.4-6.5mdv2007.1.i586.rpm
110acb3a28bf8e911309afd7d5381950 2007.1/i586/apache-mpm-event-2.2.4-6.5mdv2007.1.i586.rpm
065949244c838c9ec8baf47e66227803 2007.1/i586/apache-mpm-itk-2.2.4-6.5mdv2007.1.i586.rpm
ad0e0e109fbed8fc7be0d6b8b36c7503 2007.1/i586/apache-mpm-prefork-2.2.4-6.5mdv2007.1.i586.rpm
31ce817bb36ec93214fdb177f86096cf 2007.1/i586/apache-mpm-worker-2.2.4-6.5mdv2007.1.i586.rpm
5eba2d9af248c7107279f21cd4bde2b3 2007.1/i586/apache-source-2.2.4-6.5mdv2007.1.i586.rpm
012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
5997be8532eccc8f20f5c121895df248 2007.1/x86_64/apache-base-2.2.4-6.5mdv2007.1.x86_64.rpm
096a4e2f17838c847099f2dc41e4ca5a 2007.1/x86_64/apache-devel-2.2.4-6.5mdv2007.1.x86_64.rpm
b4f3cd71a3683bcc4e9b1dcdabcbfdaa 2007.1/x86_64/apache-htcacheclean-2.2.4-6.5mdv2007.1.x86_64.rpm
f03a92759c1159477f04890092636f27 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm
1bc914605bd0c3b05d455eeb053068e2 2007.1/x86_64/apache-mod_cache-2.2.4-6.5mdv2007.1.x86_64.rpm
3e8aaa6e0d70bdc5f439928f102a5f61 2007.1/x86_64/apache-mod_dav-2.2.4-6.5mdv2007.1.x86_64.rpm
a51dabbb6220c17ecdb001cf1444e99f 2007.1/x86_64/apache-mod_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm
1252150d2fc936309c6cb9794627cc8f 2007.1/x86_64/apache-mod_deflate-2.2.4-6.5mdv2007.1.x86_64.rpm
bc4878995bfe34a46419a3a6aa090d91 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.x86_64.rpm
cd8b213c41d3dce5070483cf2e9d71e2 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.5mdv2007.1.x86_64.rpm
ec1a79f3d6defecb3ed2dbf8d85ba98c 2007.1/x86_64/apache-mod_ldap-2.2.4-6.5mdv2007.1.x86_64.rpm
6158e3825e4b7e631f6c6eab65660aab 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.x86_64.rpm
4b01be50b5531dfd3a92189388165c7b 2007.1/x86_64/apache-mod_proxy-2.2.4-6.5mdv2007.1.x86_64.rpm
32735f0b995664e2983c3768473db144 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.x86_64.rpm
a1709d589420b97e255a7f5db47e859c 2007.1/x86_64/apache-mod_ssl-2.2.4-6.5mdv2007.1.x86_64.rpm
936c34490fcc180777a3248d9970da5a 2007.1/x86_64/apache-modules-2.2.4-6.5mdv2007.1.x86_64.rpm
0364549013611e3e748a917a6269a61d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.5mdv2007.1.x86_64.rpm
2640fd4b78d98e1aa7a8d994d7610b16 2007.1/x86_64/apache-mpm-event-2.2.4-6.5mdv2007.1.x86_64.rpm
4edad0e4f3119f88d4360d5a11dd3fd4 2007.1/x86_64/apache-mpm-itk-2.2.4-6.5mdv2007.1.x86_64.rpm
6ed107f6f60a88008aa0a21d1133c78e 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.5mdv2007.1.x86_64.rpm
c39136dbd1fe0d53b80ed5fb232c775b 2007.1/x86_64/apache-mpm-worker-2.2.4-6.5mdv2007.1.x86_64.rpm
46b245caca2ae8afa49d9e13122cae58 2007.1/x86_64/apache-source-2.2.4-6.5mdv2007.1.x86_64.rpm
012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm
Mandriva Linux 2008.0:
9fba06d7b75a7400faf855f0947f0ead 2008.0/i586/apache-base-2.2.6-8.2mdv2008.0.i586.rpm
c560ededd59c4f2556074326363991fe 2008.0/i586/apache-devel-2.2.6-8.2mdv2008.0.i586.rpm
80cb61aff0fc88d4e88074bfaf789e0a 2008.0/i586/apache-htcacheclean-2.2.6-8.2mdv2008.0.i586.rpm
69d3778cb2452189e9586c2f517c67ff 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.i586.rpm
3b965dacd1d53c70b21bcbb45b62b4e4 2008.0/i586/apache-mod_cache-2.2.6-8.2mdv2008.0.i586.rpm
6b780e4611adb7d56bd562334f98c6ef 2008.0/i586/apache-mod_dav-2.2.6-8.2mdv2008.0.i586.rpm
148aad51fd72443d47f8afbf07943fc0 2008.0/i586/apache-mod_dbd-2.2.6-8.2mdv2008.0.i586.rpm
e908b7d6220cb636d53a9989ed84337b 2008.0/i586/apache-mod_deflate-2.2.6-8.2mdv2008.0.i586.rpm
3ecc6c18d5ee2e34b6e3c770ce28199a 2008.0/i586/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.i586.rpm
7557a733237c84de3477113a80119656 2008.0/i586/apache-mod_file_cache-2.2.6-8.2mdv2008.0.i586.rpm
586a9e027e6ec327c24f231d1c2705e3 2008.0/i586/apache-mod_ldap-2.2.6-8.2mdv2008.0.i586.rpm
de055c23ec9eac3ac78f6a31146db8a9 2008.0/i586/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.i586.rpm
4a32c704527fd42c97ffb8be87531363 2008.0/i586/apache-mod_proxy-2.2.6-8.2mdv2008.0.i586.rpm
ad7bdc0861c42629366b0c4f0552eb0a 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.i586.rpm
0ae1b7ba57162f8ae870e08e48f0d964 2008.0/i586/apache-mod_ssl-2.2.6-8.2mdv2008.0.i586.rpm
2d848e1ee979d12c66ef10b638ebce6e 2008.0/i586/apache-modules-2.2.6-8.2mdv2008.0.i586.rpm
085e672acacd0642f2baa8bce631b26b 2008.0/i586/apache-mod_userdir-2.2.6-8.2mdv2008.0.i586.rpm
3564507283ffddfaa528991d514ce3c4 2008.0/i586/apache-mpm-event-2.2.6-8.2mdv2008.0.i586.rpm
360033e8459d52a323753246d977eb2b 2008.0/i586/apache-mpm-itk-2.2.6-8.2mdv2008.0.i586.rpm
ca4c9127740d3a433087031c706878ab 2008.0/i586/apache-mpm-prefork-2.2.6-8.2mdv2008.0.i586.rpm
b892724c9776743f777ebf9da44159a8 2008.0/i586/apache-mpm-worker-2.2.6-8.2mdv2008.0.i586.rpm
15cc53561ac91ba3f89af6c2057726a7 2008.0/i586/apache-source-2.2.6-8.2mdv2008.0.i586.rpm
fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
f5c28f5db00c8d87e77bbe8b387c29e1 2008.0/x86_64/apache-base-2.2.6-8.2mdv2008.0.x86_64.rpm
2ea378183715ca15ead2b60c0ba6d1f3 2008.0/x86_64/apache-devel-2.2.6-8.2mdv2008.0.x86_64.rpm
d15052d92f5918f47be634f052f5c8f8 2008.0/x86_64/apache-htcacheclean-2.2.6-8.2mdv2008.0.x86_64.rpm
e00bae3dea071434ee63a0708f9cb2c9 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm
e16ceda13087b1e924b1233fa4c58568 2008.0/x86_64/apache-mod_cache-2.2.6-8.2mdv2008.0.x86_64.rpm
86ddeb3f207a928c537a1bac4a3b59f1 2008.0/x86_64/apache-mod_dav-2.2.6-8.2mdv2008.0.x86_64.rpm
2a239f7bd6a3e74a29b69f29f217fd98 2008.0/x86_64/apache-mod_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm
6c3faec4fd23ed64ecbf508097fa948c 2008.0/x86_64/apache-mod_deflate-2.2.6-8.2mdv2008.0.x86_64.rpm
286c89f9021f2e766324f52196b6e03f 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.x86_64.rpm
480c9861c06f5b535bcd0bd87e225023 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.2mdv2008.0.x86_64.rpm
61ed284bda26162a1da185a2aedca12e 2008.0/x86_64/apache-mod_ldap-2.2.6-8.2mdv2008.0.x86_64.rpm
2c8670da45ffbff476a189f4af7eecb3 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.x86_64.rpm
bee8fdde4536e497abfc7e48dd659689 2008.0/x86_64/apache-mod_proxy-2.2.6-8.2mdv2008.0.x86_64.rpm
d45fe91cccf27cd403cfb2fd2f5bb5ba 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.x86_64.rpm
d9becf61089cb4dc0b224e4fccb11fb4 2008.0/x86_64/apache-mod_ssl-2.2.6-8.2mdv2008.0.x86_64.rpm
62ac5f1ec4c984dce76176203f5eeb6e 2008.0/x86_64/apache-modules-2.2.6-8.2mdv2008.0.x86_64.rpm
7042049d1d0b99c1e7f46142d6993761 2008.0/x86_64/apache-mod_userdir-2.2.6-8.2mdv2008.0.x86_64.rpm
bd06a8f2c4074d5722556c38c5e0dc03 2008.0/x86_64/apache-mpm-event-2.2.6-8.2mdv2008.0.x86_64.rpm
6848d1ad52463fbf9de4631b22a4dd81 2008.0/x86_64/apache-mpm-itk-2.2.6-8.2mdv2008.0.x86_64.rpm
6bc3fee77b90a73d54dba755a96f4e11 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.2mdv2008.0.x86_64.rpm
e9b20462aef79d790d604da2e59cc503 2008.0/x86_64/apache-mpm-worker-2.2.6-8.2mdv2008.0.x86_64.rpm
a378e191f066f819419106a65e472535 2008.0/x86_64/apache-source-2.2.6-8.2mdv2008.0.x86_64.rpm
fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
19bd0997c144cfd6c0792227f97c840a 2008.1/i586/apache-base-2.2.8-6.1mdv2008.1.i586.rpm
c0bc6f89d51f7aeb0a907155ce424e63 2008.1/i586/apache-devel-2.2.8-6.1mdv2008.1.i586.rpm
38019754e020560317f9e4143c31120b 2008.1/i586/apache-htcacheclean-2.2.8-6.1mdv2008.1.i586.rpm
9d4d3b487b9e4a930e0dfad6f9a86b11 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.i586.rpm
dcd9a987da631e20f0af5825c7a0f4cf 2008.1/i586/apache-mod_cache-2.2.8-6.1mdv2008.1.i586.rpm
9d77821dcb46af8c01e7dd30a74fd3f5 2008.1/i586/apache-mod_dav-2.2.8-6.1mdv2008.1.i586.rpm
7ec8c8bec08a8c7812e93ae6f630d721 2008.1/i586/apache-mod_dbd-2.2.8-6.1mdv2008.1.i586.rpm
4b3f7f658ca523658fcff97884404569 2008.1/i586/apache-mod_deflate-2.2.8-6.1mdv2008.1.i586.rpm
838d9649e9f9850ff7f50a9686783958 2008.1/i586/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.i586.rpm
114c083f976c1c59f9ed2fc7865f47b9 2008.1/i586/apache-mod_file_cache-2.2.8-6.1mdv2008.1.i586.rpm
efc293cd668271a0131d84a9776e7cb4 2008.1/i586/apache-mod_ldap-2.2.8-6.1mdv2008.1.i586.rpm
e1e2413f175fa207ffb8d5ce2903439f 2008.1/i586/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.i586.rpm
80e42fb54b7c926bd4ae6c8869bfe2b4 2008.1/i586/apache-mod_proxy-2.2.8-6.1mdv2008.1.i586.rpm
b14cb1c38ff72f65af3dc26f419248b2 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.i586.rpm
222d326db8d3d9c7ff49a5edf54ad460 2008.1/i586/apache-mod_ssl-2.2.8-6.1mdv2008.1.i586.rpm
8d4d65f206604150103a767559ce4ac0 2008.1/i586/apache-modules-2.2.8-6.1mdv2008.1.i586.rpm
a02bf7d7cd6cb86b24728055f31e00e8 2008.1/i586/apache-mod_userdir-2.2.8-6.1mdv2008.1.i586.rpm
762b5a44d6ab770663e7802db5880c5c 2008.1/i586/apache-mpm-event-2.2.8-6.1mdv2008.1.i586.rpm
1ad89877cf9e1d19c9c0ae31da79cc4b 2008.1/i586/apache-mpm-itk-2.2.8-6.1mdv2008.1.i586.rpm
9e88d760212153696531a36e44e599da 2008.1/i586/apache-mpm-prefork-2.2.8-6.1mdv2008.1.i586.rpm
f50d7edde588f2439aa4e831a63c35d7 2008.1/i586/apache-mpm-worker-2.2.8-6.1mdv2008.1.i586.rpm
a9f60a580681ac55bc61ae250326dc6a 2008.1/i586/apache-source-2.2.8-6.1mdv2008.1.i586.rpm
ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
7aafb608166a15e6373c11011e72117d 2008.1/x86_64/apache-base-2.2.8-6.1mdv2008.1.x86_64.rpm
9c39fe151fc9261c77fc5484f793358d 2008.1/x86_64/apache-devel-2.2.8-6.1mdv2008.1.x86_64.rpm
d5dd9482dbfed961af363261f769a136 2008.1/x86_64/apache-htcacheclean-2.2.8-6.1mdv2008.1.x86_64.rpm
a839a342ce15d6076907fa85b652ac45 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm
c1cdf8ea93464f350cd5a97282a963a8 2008.1/x86_64/apache-mod_cache-2.2.8-6.1mdv2008.1.x86_64.rpm
0ebe3595df3974b090e1e41653a61ac8 2008.1/x86_64/apache-mod_dav-2.2.8-6.1mdv2008.1.x86_64.rpm
50d80ef4989cecf6d9b4d3a36e91c3f8 2008.1/x86_64/apache-mod_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm
89badb88265d34c6b4dafcbd7240618d 2008.1/x86_64/apache-mod_deflate-2.2.8-6.1mdv2008.1.x86_64.rpm
6814c312ec71fa619e1533f08ed3d1fa 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.x86_64.rpm
ea7900772a2a78ba4913c41762c39069 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.1mdv2008.1.x86_64.rpm
b146eaeb311a6107d51413bc29d70315 2008.1/x86_64/apache-mod_ldap-2.2.8-6.1mdv2008.1.x86_64.rpm
7198b641d46ea2f24664c4a9d02b9063 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.x86_64.rpm
e04cdfbbad417123adae10cf13a2b626 2008.1/x86_64/apache-mod_proxy-2.2.8-6.1mdv2008.1.x86_64.rpm
8f9a04efe7760b08220b27f1cabd8a49 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.x86_64.rpm
8ed701d6c742a5e60196653f79989a8a 2008.1/x86_64/apache-mod_ssl-2.2.8-6.1mdv2008.1.x86_64.rpm
3beb942d20bf63c2bc8cef202ef0e0aa 2008.1/x86_64/apache-modules-2.2.8-6.1mdv2008.1.x86_64.rpm
fd40ed97d50b583c7f21a686d8146c7d 2008.1/x86_64/apache-mod_userdir-2.2.8-6.1mdv2008.1.x86_64.rpm
f7451170b9c2c7f3f55a0d44567bebfe 2008.1/x86_64/apache-mpm-event-2.2.8-6.1mdv2008.1.x86_64.rpm
6e1b59583a15313f8dbf347170ec581d 2008.1/x86_64/apache-mpm-itk-2.2.8-6.1mdv2008.1.x86_64.rpm
b60967808f886fc4444054fe4ba685fd 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.1mdv2008.1.x86_64.rpm
0ab90ebae3fcfd1fa809e62e546222db 2008.1/x86_64/apache-mpm-worker-2.2.8-6.1mdv2008.1.x86_64.rpm
7726d40130eb5a14d8cf272cd08f7485 2008.1/x86_64/apache-source-2.2.8-6.1mdv2008.1.x86_64.rpm
ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm
Corporate 4.0:
b59bbaecc0f3c6301bee564c2862430a corporate/4.0/i586/apache-base-2.2.3-1.4.20060mlcs4.i586.rpm
b3141af91788ac68afd1cfb34426cec3 corporate/4.0/i586/apache-devel-2.2.3-1.4.20060mlcs4.i586.rpm
309db27fc902b7eb77e0fd2b5e03359f corporate/4.0/i586/apache-htcacheclean-2.2.3-1.4.20060mlcs4.i586.rpm
8e7d56d01a51b7239b080765fd858088 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.i586.rpm
8e6bd8c3a89f5f277fb56e60b37bb6a9 corporate/4.0/i586/apache-mod_cache-2.2.3-1.4.20060mlcs4.i586.rpm
fd99c7e58d56eb14a0e94c27edb2daf2 corporate/4.0/i586/apache-mod_dav-2.2.3-1.4.20060mlcs4.i586.rpm
75968093eca9011dd115d948c44f29ba corporate/4.0/i586/apache-mod_dbd-2.2.3-1.4.20060mlcs4.i586.rpm
ba5118b4c1caa7e4b75229b5643b06b9 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.4.20060mlcs4.i586.rpm
abb27116fae7ff7d319516c0f9a0a5e4 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.i586.rpm
e1bb6ed7fb0fbb39f762a932f34dc67b corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.i586.rpm
a3d85c92d66a0ca0ed6dc6a6c6df23b4 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.4.20060mlcs4.i586.rpm
eca828a6bd374d98af6fd785aa6970af corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.i586.rpm
8e28a95bd7f655c5b98c7405ca74de18 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.4.20060mlcs4.i586.rpm
23a2687957dae00dadc44b864032a838 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.i586.rpm
a4a143aa2f9f8b1d3cedf68429a90fa4 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.4.20060mlcs4.i586.rpm
779cf371acd7012ac1acfaac0062a38a corporate/4.0/i586/apache-modules-2.2.3-1.4.20060mlcs4.i586.rpm
e1a8927f0cfd3a08ca2af42ebc64932e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.4.20060mlcs4.i586.rpm
3415eea7176bb392b87540c2bfcfed2b corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.i586.rpm
9b79811544ad30fd91608d5839b521eb corporate/4.0/i586/apache-mpm-worker-2.2.3-1.4.20060mlcs4.i586.rpm
1403616f0ba1cbcc552f7e33a32b303f corporate/4.0/i586/apache-source-2.2.3-1.4.20060mlcs4.i586.rpm
fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
e46ce6fe84b67d3d6caf6782d9352555 corporate/4.0/x86_64/apache-base-2.2.3-1.4.20060mlcs4.x86_64.rpm
5b1993dca50465213ca285d3fc38bc07 corporate/4.0/x86_64/apache-devel-2.2.3-1.4.20060mlcs4.x86_64.rpm
7076dbe94461207aa2399b887e6b669f corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.4.20060mlcs4.x86_64.rpm
e51acf392e315892cfc60ef342b3e9f0 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm
270e619d353fa9348b2d5713e660bb69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm
8e8ae8e260b69d7150c6d7f8162eb261 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.4.20060mlcs4.x86_64.rpm
11fc6ca48580398733c9c26c6097aeb8 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm
6750c2039c64dd866146d240f06b302f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.4.20060mlcs4.x86_64.rpm
0c7db97343700984a02d6365069bfbd5 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm
d60aa90ac7a459f237a6c0ed190b0ea1 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm
873b63a672417971078076a5e3e4f363 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.4.20060mlcs4.x86_64.rpm
d964415079d86d6c6ff78381e3dfe8ef corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm
c014bede921593c1035d8a1488909ab9 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.4.20060mlcs4.x86_64.rpm
d4469077e683ea2a034bfb35be9ca8f6 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.x86_64.rpm
35638d36e7c4832f70460294ef496d33 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.4.20060mlcs4.x86_64.rpm
de62531cfcf279b966c08940df7dc298 corporate/4.0/x86_64/apache-modules-2.2.3-1.4.20060mlcs4.x86_64.rpm
a44db8a0824aa8ec654338640e30e14c corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.4.20060mlcs4.x86_64.rpm
be326111f9e8dd9fb0a9a7699f7f99dd corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.x86_64.rpm
3b29042dd082e4f0f8e04fbff2f14c23 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.4.20060mlcs4.x86_64.rpm
576aed8c357f707db0e488e13b68834c corporate/4.0/x86_64/apache-source-2.2.3-1.4.20060mlcs4.x86_64.rpm
fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIzBUvmqjQ0CJFipgRApHOAKCvASwDjqj110UnAsle/Jtgw9VwhwCg7zVf
0jg30niEBGmySzuHETORyts=
=wMau
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01539432
Version: 1
HPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-08-26
Last Updated: 2008-08-27
Potential Security Impact: Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or Denial of Service (DoS).
References: CVE-2007-4465, CVE-2008-2168, CVE-2008-2364
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.05 and previous
BACKGROUND
CVSS 2.0 Base Metrics
===============================================
Reference Base Vector Base Score
CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities.
The updates are available for download from:
URL: ftp://srt80118:srt80118@hprc.external.hp.com
HP-UX Release - B.11.11 (IPv4 and IPv6)
Apache Depot name - HPUXWSA-B219-03-1111ipv6.depot
MD5 Sum - 166ac363bed403ba5eba2ad02863315d
HP-UX Release - B.11.23 PA-32
Apache Depot name - HPUXWSA-B219-03-1123-32.depot
MD5 Sum - b59c377a377c86067115012c19b316f5
HP-UX Release - B.11.23 IA-64
Apache Depot name - HPUXWSA-B219-03-1123-64.depot
MD5 Sum - 083b501f0ab2cc30cb536bcbc6eb65ff
HP-UX Release - B.11.31 PA-32
Apache Depot name - HPUXWSA-B219-03-1131-32.depot
MD5 Sum - f1927dd378a4656412aadd8005da0b1b
HP-UX Release - B.11.31 IA-64
Apache Depot name - HPUXWSA-B219-03-1131-64.depot
MD5 Sum - af7f377e215cb7c988bc07ca5f30190f
MANUAL ACTIONS: Yes - Update plus other actions
Install Apache v2.0.59.07.01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Apache IPv4 and IPv6
HP-UX B.11.11
=============
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.07.01 or subsequent and restart Apache
URL: ftp://srt80118:srt80118@hprc.external.hp.com
HP-UX B.11.23
=============
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.07.01 or subsequent and restart Apache
URL: ftp://srt80118:srt80118@hprc.external.hp.com
HP-UX B.11.31
=============
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.07.01 or subsequent and restart Apache
URL: ftp://srt80118:srt80118@hprc.external.hp.com
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 27 August 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBSLXYA+AfOvwtKn1ZEQKjbgCgrQpfuEwWWBX9qs1Iyq282KP4alwAnR/y
5nAFOH72tNKo5XvbFV534DO8
=vaoD
-----END PGP SIGNATURE-----
. ===========================================================
Ubuntu Security Notice USN-731-1 March 10, 2009
apache2 vulnerabilities
CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168,
CVE-2008-2364, CVE-2008-2939
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.4
apache2-mpm-perchild 2.0.55-4ubuntu2.4
apache2-mpm-prefork 2.0.55-4ubuntu2.4
apache2-mpm-worker 2.0.55-4ubuntu2.4
Ubuntu 7.10:
apache2-mpm-event 2.2.4-3ubuntu0.2
apache2-mpm-perchild 2.2.4-3ubuntu0.2
apache2-mpm-prefork 2.2.4-3ubuntu0.2
apache2-mpm-worker 2.2.4-3ubuntu0.2
apache2.2-common 2.2.4-3ubuntu0.2
Ubuntu 8.04 LTS:
apache2-mpm-event 2.2.8-1ubuntu0.4
apache2-mpm-perchild 2.2.8-1ubuntu0.4
apache2-mpm-prefork 2.2.8-1ubuntu0.4
apache2-mpm-worker 2.2.8-1ubuntu0.4
apache2.2-common 2.2.8-1ubuntu0.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Apache did not sanitize the method specifier header from
an HTTP request when it is returned in an error message, which could result in
browsers becoming vulnerable to cross-site scripting attacks when processing the
output. With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2007-6203)
It was discovered that Apache was vulnerable to a cross-site request forgery
(CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator
were tricked into clicking a link on a specially crafted web page, an attacker
could trigger commands that could modify the balancer manager configuration. (CVE-2007-6420)
It was discovered that Apache had a memory leak when using mod_ssl with
compression. A remote attacker could exploit this to exhaust server memory,
leading to a denial of service.
(CVE-2008-1678)
It was discovered that in certain conditions, Apache did not specify a default
character set when returning certain error messages containing UTF-7 encoded
data, which could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. (CVE-2008-2364)
It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when
they are returned in directory listings, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output.
(CVE-2008-2939)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz
Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc
Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb
Size/MD5: 2124948 5153435633998e4190b54eb101afd271
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 786528 353ed1839a8201d0211ede114565e60d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 199114 6a77314579722ca085726e4220be4e9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 171716 771492b2b238424e33e3e7853185c0ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 92520 787a673994d746b4ad3788c16516832a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 803706 f14be1535acf528f89d301c8ec092015
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 211028 28b74d86e10301276cadef208b460658
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 268178 5a853d01127853405a677c53dc2bf254
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 130456 a0a51bb9405224948b88903779347427
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz
Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc
Size/MD5: 1333 b028e602b998a666681d1aa73b980c06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 410674 684ad4367bc9250468351b5807dee424
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 411258 17f53e8d3898607ce155dc333237690c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 367392 612ddcebee145f765163a0b30124393a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 410676 cf7bed097f63e3c24337813621866498
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 411252 5a30177f7039f52783576e126cf042d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz
Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc
Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 801764 3759103e3417d44bea8866399ba34a66
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 139904 b503316d420ccb7efae5082368b95e01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 205376 cd02ca263703a6049a6fe7e11f72c98a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73
VAR-200806-0437 | No CVE | Icon Labs Iconfidant SSH Server Multiple Denial of Service Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
Iconfident SSH is an SSH server running on a VxWorks-based system.
Multiple vulnerabilities exist in the Iconfidant SSH server, which may cause system instability. During an SSH login, if a login is performed in a positive time frame, or invalid authentication credentials are sent, or other management operations are performed at the same time during the login, these vulnerabilities can be triggered, resulting in a denial of service
VAR-200806-0028 | CVE-2008-2636 | Linksys WRH54G Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. Firmware Cisco Linksys WRH54G of HTTP Service disrupted service operation (DoS) Vulnerabilities exist. Linksys Wrh54g Router is prone to a denial-of-service vulnerability. The URI begins with a "/./" sequence, contains many "front_page" sequences, and ends with an ".asp" sequence. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Linksys WRH54G Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA30562
VERIFY ADVISORY:
http://secunia.com/advisories/30562/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
Linksys WRH54G
http://secunia.com/product/19001/
DESCRIPTION:
A vulnerability has been reported in Linksys WRH54G, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing HTTP
requests. This can be exploited to disable the HTTP service by
sending a specially crafted HTTP request to an affected device.
The vulnerability is reported in firmware version 1.01.03. Prior
versions may also be affected.
SOLUTION:
Update to firmware version 1.01.04.
PROVIDED AND/OR DISCOVERED BY:
dubingyao
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0185 | CVE-2008-1582 | Apple QuickTime "file: URL" arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.
These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.
Versions prior to QuickTime 7.5 are affected.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:
29649 Apple QuickTime 'PICT' Image 'PixData' Structures Handling Heap Overflow Vulnerability
29650 Apple QuickTime 'file:' URI File Execution Vulnerability
29654 Apple QuickTime 'AAC-encoded' Media Memory Corruption Vulnerability
29648 Apple QuickTime 'PICT' Image Buffer Overflow Vulnerability
29652 Apple QuickTime Indo Video Codec Buffer Overflow Vulnerability. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29293
VERIFY ADVISORY:
http://secunia.com/advisories/29293/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) A boundary error when parsing packed scanlines from a PixData
structure in a PICT file can be exploited to cause a heap-based
buffer overflow via a specially crafted PICT file.
5) An error in the handling of "file:" URLs can be exploited to e.g.
execute arbitrary programs when playing specially crafted QuickTIme
content in QuickTime Player.
SOLUTION:
Update to version 7.5 (via Software Update or Apple Downloads. See
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1) Dyon Balding, Secunia Research
2) Independently discovered by:
* Dave Soldera, NGS Software
* Jens Alfke
3) Liam O Murchu, Symantec
4) An anonymous researcher, reported via ZDI
5) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT1991
Secunia Research:
http://secunia.com/secunia_research/2008-9/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-162C
Apple Quicktime Updates for Multiple Vulnerabilities
Original release date: June 10, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.5
* Microsoft Windows running versions of QuickTime prior to 7.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple
Knowledgebase article HT1991.
I. Apple QuickTime 7.5 addresses these
vulnerabilities.
Note that Apple iTunes for Windows installs QuickTime, so any system with
iTunes may be vulnerable.
II. For further
information, please see Apple knowledgebase article HT1991 about the
security content of QuickTime 7.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available
via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a
web browser, refer to Securing Your Web Browser.
IV. References
* About the security content of the QuickTime 7.5 Update -
<http://support.apple.com/kb/HT1991>
* How to tell if Software Update for Windows is working correctly when no
updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* US-CERT Vulnerability Notes for QuickTime 7.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-162C.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-162C Feedback VU#132419" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 10, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws
xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmRUGiedv4h0owQTb
Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3
8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MDI/BSp5kcqaM
TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5
FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B79eg==
=e01A
-----END PGP SIGNATURE-----
VAR-200806-0186 | CVE-2008-1583 | Apple QuickTime "file: URL" arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code. CVE-2008-1581 Is a different vulnerability.Service disruption by a third party (DoS) Could be put into a state or arbitrary code could be executed.
These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.
Versions prior to QuickTime 7.5 are affected. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29293
VERIFY ADVISORY:
http://secunia.com/advisories/29293/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
5) An error in the handling of "file:" URLs can be exploited to e.g.
execute arbitrary programs when playing specially crafted QuickTIme
content in QuickTime Player.
SOLUTION:
Update to version 7.5 (via Software Update or Apple Downloads. See
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1) Dyon Balding, Secunia Research
2) Independently discovered by:
* Dave Soldera, NGS Software
* Jens Alfke
3) Liam O Murchu, Symantec
4) An anonymous researcher, reported via ZDI
5) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT1991
Secunia Research:
http://secunia.com/secunia_research/2008-9/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-162C
Apple Quicktime Updates for Multiple Vulnerabilities
Original release date: June 10, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.5
* Microsoft Windows running versions of QuickTime prior to 7.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple
Knowledgebase article HT1991.
I. Apple QuickTime 7.5 addresses these
vulnerabilities.
Note that Apple iTunes for Windows installs QuickTime, so any system with
iTunes may be vulnerable.
II. For further
information, please see Apple knowledgebase article HT1991 about the
security content of QuickTime 7.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available
via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a
web browser, refer to Securing Your Web Browser.
IV. References
* About the security content of the QuickTime 7.5 Update -
<http://support.apple.com/kb/HT1991>
* How to tell if Software Update for Windows is working correctly when no
updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* US-CERT Vulnerability Notes for QuickTime 7.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-162C.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-162C Feedback VU#132419" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 10, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws
xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmRUGiedv4h0owQTb
Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3
8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MDI/BSp5kcqaM
TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5
FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B79eg==
=e01A
-----END PGP SIGNATURE-----
VAR-200806-0184 | CVE-2008-1581 | Apple QuickTime "file: URL" arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code.
These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.
Versions prior to QuickTime 7.5 are affected.
An attacker can exploit this issue to execute arbitrary within the context of the affected application. Failed exploit attempts will result in a denial-of-service vulnerability. If the user is tricked into opening a malicious PICT graphics, it will cause the player to terminate or execute arbitrary instructions. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29293
VERIFY ADVISORY:
http://secunia.com/advisories/29293/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
5) An error in the handling of "file:" URLs can be exploited to e.g.
execute arbitrary programs when playing specially crafted QuickTIme
content in QuickTime Player.
SOLUTION:
Update to version 7.5 (via Software Update or Apple Downloads. See
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1) Dyon Balding, Secunia Research
2) Independently discovered by:
* Dave Soldera, NGS Software
* Jens Alfke
3) Liam O Murchu, Symantec
4) An anonymous researcher, reported via ZDI
5) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT1991
Secunia Research:
http://secunia.com/secunia_research/2008-9/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-162C
Apple Quicktime Updates for Multiple Vulnerabilities
Original release date: June 10, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.5
* Microsoft Windows running versions of QuickTime prior to 7.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple
Knowledgebase article HT1991.
I. Apple QuickTime 7.5 addresses these
vulnerabilities.
II. For further
information, please see Apple knowledgebase article HT1991 about the
security content of QuickTime 7.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available
via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a
web browser, refer to Securing Your Web Browser.
IV. References
* About the security content of the QuickTime 7.5 Update -
<http://support.apple.com/kb/HT1991>
* How to tell if Software Update for Windows is working correctly when no
updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* US-CERT Vulnerability Notes for QuickTime 7.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-162C.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-162C Feedback VU#132419" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 10, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws
xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmRUGiedv4h0owQTb
Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3
8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MDI/BSp5kcqaM
TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5
FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B79eg==
=e01A
-----END PGP SIGNATURE-----
.
======================================================================
6) Time Table
10/03/2008 - Vendor notified.
13/03/2008 - Vendor response.
10/06/2008 - Public disclosure.
======================================================================
7) Credits
Discovered by Dyon Balding, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-1581 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://corporate.secunia.com/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://corporate.secunia.com/secunia_research/33/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/secunia_vacancies/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-9/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
VAR-200806-0187 | CVE-2008-1584 | Apple QuickTime "file: URL" arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of Quicktime files that utilize the Indeo video codec. A lack of proper bounds checking within Indeo.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user.
These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.
Versions prior to QuickTime 7.5 are affected. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29293
VERIFY ADVISORY:
http://secunia.com/advisories/29293/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) A boundary error when parsing packed scanlines from a PixData
structure in a PICT file can be exploited to cause a heap-based
buffer overflow via a specially crafted PICT file.
5) An error in the handling of "file:" URLs can be exploited to e.g.
SOLUTION:
Update to version 7.5 (via Software Update or Apple Downloads. See
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1) Dyon Balding, Secunia Research
2) Independently discovered by:
* Dave Soldera, NGS Software
* Jens Alfke
3) Liam O Murchu, Symantec
4) An anonymous researcher, reported via ZDI
5) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT1991
Secunia Research:
http://secunia.com/secunia_research/2008-9/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT1222
-- Disclosure Timeline:
2008-02-07 - Vulnerability reported to vendor
2008-06-10 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-162C
Apple Quicktime Updates for Multiple Vulnerabilities
Original release date: June 10, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.5
* Microsoft Windows running versions of QuickTime prior to 7.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple
Knowledgebase article HT1991.
I. Apple QuickTime 7.5 addresses these
vulnerabilities.
Note that Apple iTunes for Windows installs QuickTime, so any system with
iTunes may be vulnerable.
II. For further
information, please see Apple knowledgebase article HT1991 about the
security content of QuickTime 7.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available
via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a
web browser, refer to Securing Your Web Browser.
IV. References
* About the security content of the QuickTime 7.5 Update -
<http://support.apple.com/kb/HT1991>
* How to tell if Software Update for Windows is working correctly when no
updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* US-CERT Vulnerability Notes for QuickTime 7.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-162C.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-162C Feedback VU#132419" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 10, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws
xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmRUGiedv4h0owQTb
Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3
8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MDI/BSp5kcqaM
TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5
FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B79eg==
=e01A
-----END PGP SIGNATURE-----
VAR-200806-0188 | CVE-2008-1585 | Apple QuickTime "file: URL" arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists in the handling of SMIL text embedded in video formats. No sanity checking is performed on values of the qt:next attribute.
These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media.
Versions prior to QuickTime 7.5 are affected. This issue may lead to a remote compromise.
The issue arises because of improper handling of the 'file:' URI.
Versions prior to QuickTime 7.5 running on Apple Mac OS X 10.3.9, Mac OS X 10.4.9 to v10.4.11, Mac OS X 10.5 or later, Windows Vista, and Windows XP SP2 are affected. ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution
http://www.zerodayinitiative.com/advisories/ZDI-08-038
June 10, 2008
-- CVE ID:
CVE-2008-1585
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6119.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT1222
-- Disclosure Timeline:
2008-05-08 - Vulnerability reported to vendor
2008-06-10 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Petko D. (pdp) Petkov | GNUCITIZEN
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com.
execute arbitrary programs when playing specially crafted QuickTIme
content in QuickTime Player. See
vendor's advisory for details). ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple TV Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA31034
VERIFY ADVISORY:
http://secunia.com/advisories/31034/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple TV 2.x
http://secunia.com/product/19289/
DESCRIPTION:
Some vulnerabilities have been reported in Apple TV, which can be
exploited by malicious people to compromise a vulnerable system.
1) A boundary error in the handling of data reference atoms in movie
files can be exploited to cause a buffer overflow.
For more information see vulnerability #3 in:
SA29650
2) A boundary error in the handling of "crgn" atoms in movie files
can be exploited to cause a heap-based buffer overflow.
For more information see vulnerability #5 in:
SA29650
3) A boundary error in the handling of "chan" atoms in movie files
can be exploited to cause a heap-based buffer overflow.
For more information see vulnerability #6 in:
SA29650
4) An error in the handling of "file:" URLs can be exploited to e.g.
execute arbitrary programs.
For more more information see vulnerability #5 in:
SA29293
5) A boundary error when handling RTSP replies can be exploited to
cause a heap-based buffer overflow.
For more information:
SA28423
6) A boundary error when processing compressed PICT images can be
exploited to cause a buffer overflow.
For more information see vulnerability #4 in:
SA28502
SOLUTION:
Update to version 2.1.
PROVIDED AND/OR DISCOVERED BY:
1,6) Chris Ries of Carnegie Mellon University Computing Services.
2) Sanbin Li, reporting via ZDI.
3) An anonymous researcher, reporting via ZDI.
4) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
5) Luigi Auriemma
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT2304
OTHER REFERENCES:
SA28423:
http://secunia.com/advisories/28423/
SA28502:
http://secunia.com/advisories/28502/
SA29293:
http://secunia.com/advisories/29293/
SA29650:
http://secunia.com/advisories/29650/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-162C
Apple Quicktime Updates for Multiple Vulnerabilities
Original release date: June 10, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.5
* Microsoft Windows running versions of QuickTime prior to 7.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple
Knowledgebase article HT1991.
I. Apple QuickTime 7.5 addresses these
vulnerabilities.
Note that Apple iTunes for Windows installs QuickTime, so any system with
iTunes may be vulnerable.
II. For further
information, please see Apple knowledgebase article HT1991 about the
security content of QuickTime 7.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.5.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a
web browser, refer to Securing Your Web Browser.
IV. References
* About the security content of the QuickTime 7.5 Update -
<http://support.apple.com/kb/HT1991>
* How to tell if Software Update for Windows is working correctly when no
updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* US-CERT Vulnerability Notes for QuickTime 7.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-162C.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-162C Feedback VU#132419" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 10, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws
xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmRUGiedv4h0owQTb
Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3
8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MDI/BSp5kcqaM
TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5
FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B79eg==
=e01A
-----END PGP SIGNATURE-----
VAR-200806-0441 | No CVE | Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: Medium |
A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products.A remote attacker could execute arbitrary scripts.
VAR-200806-0439 | No CVE | XMAP3 Denial of Service (DoS) Vulneability |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
XMAP3's print function has a vulnerability that could cause a temporary denial of service (DoS) condition when receiving unexpected data.An attacker could cause a denial of service (DoS) condition by sending unexpected data to XMAP3's print service.
VAR-200806-0443 | No CVE | JP1/Cm2/Network Node Manager Web Coordinated Function Multiple Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: High |
Multiple vulnerabilities have been found in the JP1/Cm2/Network Node Manager (NNM) Web coordinated function.A remote attacker could execute arbitrary scripts or code, or cause a denial of service (DoS) condition.
VAR-200904-0200 | CVE-2008-6701 | NetScout Visualizer Vulnerabilities that can obtain administrator privileges |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.
Attackers can exploit this issue to perform unauthorized administrative functions. This can aid in further attacks.
The NetScout Administrator device is vulnerable; other devices may also be affected.
Reports indicated that this issue may exist in Network General Visualizer V2100 and Network General Infinistream i1730 Sniffer. This has not been confirmed. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
NetScout Visualizer / InfiniStream Security Bypass
SECUNIA ADVISORY ID:
SA30514
VERIFY ADVISORY:
http://secunia.com/advisories/30514/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From remote
OPERATING SYSTEM:
NetScout Visualizer
http://secunia.com/product/19033/
Network General InfiniStream i1730
http://secunia.com/product/19035/
DESCRIPTION:
A vulnerability has been reported in NetScout Visualizer and
InfiniStream, which can be exploited by malicious users to perform
certain actions with escalated privileges.
The vulnerability is caused due to improper access restrictions to
certain administrative pages in the web interface. This can be
exploited to access administrative functions by directly accessing
the URL of such pages.
SOLUTION:
Grant only trusted users access to affected system.
PROVIDED AND/OR DISCOVERED BY:
jgrove_2000
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2008-06/0068.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0029 | CVE-2008-2637 | F5 FirePass SSL VPN Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php. (1) vdesk/admincon/webyfiers.php Inside css_exceptions Parameters (2) vdesk/admincon/index.php Inside sql_matchscope Parameters. F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to execute arbitrary actions in the context of the affected application.
FirePass 6.0.2 hotfix 3 is vulnerable; other versions may also be affected. F5 FirePass SSL VPN devices allow users to securely connect to critical business applications. The F5 FirePass SSL VPN device performs basic filtering on web requests submitted through Portal Access. The Content Inspection function is configured and customized through the web management interface, and the /vdesk/admincon/webyfiers.php file of this web management interface is not correct. If a remote attacker submits a malicious HTTP request to the above page, a cross-site scripting attack can be executed, resulting in the execution of arbitrary instructions. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
F5 FirePass SSL VPN Appliance Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA30550
VERIFY ADVISORY:
http://secunia.com/advisories/30550/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
OPERATING SYSTEM:
FirePass 5.x
http://secunia.com/product/4695/
FirePass 6.x
http://secunia.com/product/13146/
DESCRIPTION:
nnposter has reported some vulnerabilities in F5 FirePass, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "css_exceptions" parameter in
/vdesk/admincon/webyfiers.php and to the "sql_matchscope" parameter
in /vdesk/admincon/index.php is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of the
administrative interface.
SOLUTION:
Do not visit untrusted sites or follow untrusted links while being
logged in to the administrative interface.
PROVIDED AND/OR DISCOVERED BY:
nnposter
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2008-06/0063.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0204 | CVE-2008-2055 | Cisco PIX/ASA of TCP ACK Service disruption in packet processing (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. Cisco PIX and Cisco ASA are prone to multiple denial-of-service vulnerabilities and an unauthorized-access vulnerability.
An attacker can exploit these issues to bypass ACL lists and to cause an affected device to reboot or crash. This security
advisory outlines details of these vulnerabilities:
* Crafted TCP ACK Packet Vulnerability
* Crafted TLS Packet Vulnerability
* Instant Messenger Inspection Vulnerability
* Vulnerability Scan Denial of Service
* Control-plane Access Control List Vulnerability
The first four vulnerabilities may lead to a denial of service (DoS)
condition and the fifth vulnerability may allow an attacker to bypass
control-plane access control lists (ACL).
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following are the details about each vulnerability described
within this advisory. Software versions prior to
7.1(2)70 on the 7.1.x release, 7.2(4) on the 7.2.x release, and 8.0
(3)10 on the 8.0.x release are affected.
Devices running software versions on the 8.0 release that are
configured for Telnet, Secure Shell (SSH), WebVPN, SSL VPN, or ASDM
enabled are affected by this vulnerability.
Note: Devices running IPv4 and IPv6 are affected by this
vulnerability. Devices running software versions in the 7.0.x and 7.1.x
releases are not vulnerable. Additionally, devices that do not have
Instant Messaging Inspection enabled are not vulnerable.
Note: Instant Messaging Inspection is disabled by default.
Control-plane Access Control List Vulnerability
+----------------------------------------------
Cisco ASA and Cisco PIX devices are affected by a vulnerability if
the device is configured to use control-plane ACLs and if it is
running software versions prior to 8.0(3)9 on the 8.0.x release.
Devices running software versions 7.x or 8.1.x are not vulnerable.
Note: Control-plane ACLs were first introduced in software version
8.0(2). The control-plane ACLs are not enabled by default.
The show version command-line interface (CLI) command can be used to
determine if a vulnerable version of the Cisco PIX or Cisco ASA
software is running.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Firewall Services Module (FWSM) is not affected by any of
these vulnerabilities. Cisco PIX security appliances running versions
6.x are not vulnerable. No other Cisco products are currently known
to be affected by these vulnerabilities.
Details
=======
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities are independent of each other.
1. Only packets destined
to the device (not transiting the device) may trigger the effects of
this vulnerability.
Devices running software versions on the 8.0 release that are
configured for Telnet, Secure Shell (SSH), WebVPN, SSL VPN, or ASDM
enabled are affected by this vulnerability.
The telnet command is used identify the IP addresses from which the
security appliance accepts Telnet connections.
ASA(config)# telnet 192.168.10.0 255.255.255.0 inside
In the previous example, the Cisco ASA is configured to accept Telnet
connections on the inside interface from the 192.168.10.0/24 network.
Note: You cannot use Telnet to the lowest security interface unless
you use Telnet inside an IPSec tunnel.
ASDM management sessions are enabled via the http server enable and
http commands.
The ssh command is used identify the IP addresses from which the
security appliance accepts SSH connections. For example:
ASA(config)# ssh 192.168.10.0 255.255.255.0 inside
In the previous example the Cisco ASA is configured to accept SSH
connections on the inside interface from the 192.168.10.0/24 network.
Clientless WebVPN, SSL VPN Client, and AnyConnect connections are
enabled via the webvpn command. For example, the following
configuration shows a Cisco ASA with WebVPN configured and enabled.
In this case the ASA will listen for WebVPN connections on the
default port, TCP port 443:
http server enable
!
webvpn
enable outside
Note that with this particular configuration, the device is
vulnerable to attacks coming from the outside interface.
This vulnerability is documented in Cisco Bug ID CSCsm84110
and has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2008-2055.
2. Crafted TLS Packet Vulnerability
+----------------------------------
Transport Layer Security (TLS) is the replacement for the Secure
Socket Layer (SSL) protocol. It is a protocol that provides, via
cryptography, secure communications between two end-points. In all these scenarios, the PIX and ASA may be affected by
a vulnerability in the handling of the TLS protocol that may lead to
a reload of the device when it processes specially crafted TLS
packets.
Note: Only packets destined to the device (not transiting the
device) may trigger the effects of this vulnerability.
The following list contains some of the applications within the Cisco
ASA and Cisco PIX devices that use TLS:
* Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
* ASDM (HTTPS) Management Sessions
* Cut-Through Proxy for Network Access
* TLS Proxy for Encrypted Voice Inspection
Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
+------------------------------------------------------------
Clientless WebVPN, SSL VPN Client, and AnyConnect connections are
enabled via the webvpn command. For example, the following
configuration shows a Cisco ASA with WebVPN configured and enabled.
In this case the ASA will listen for WebVPN connections on the
default port, TCP port 443:
http server enable
!
webvpn
enable outside
Note that with this particular configuration, the device is
vulnerable to attacks coming from the outside interface.
ASDM (HTTPS) Management Sessions
+-------------------------------
ASDM management sessions are enabled via the http server enable and
http commands. For example, the following configuration shows an ASA
configured for remote HTTPS management:
http server enable
http 192.168.0.0 255.255.255.0 inside
Note that with this particular configuration the device is vulnerable
to attacks coming from the inside interface and from the 192.168.0.0/
24 IP sub-network.
Cut-Through Proxy for Network Access
+------------------------------------
The cut-through proxy feature is used to authenticate users before
they can access the network. The following is an example of a
configuration that requires users to authenticate before they can be
granted network access:
access-list auth-proxy extended permit tcp any any eq www
access-list auth-proxy extended permit tcp any any eq telnet
access-list auth-proxy extended permit tcp any any eq https
!
aaa authentication match auth-proxy inside LOCAL
aaa authentication secure-http-client
aaa authentication listener https inside port https
A configuration affected by this vulnerability will contain the
command aaa authentication secure-http-client or aaa authentication
listener https inside port <port number>. Note that with the
configuration in the preceding example, the device is vulnerable to
attacks coming from the inside interface.
TLS Proxy for Encrypted Voice Inspection
+---------------------------------------
The TLS proxy for encrypted voice inspection feature allows the
security appliance to decrypt, inspect and modify (as needed, for
example, performing NAT fixup), and re-encrypt voice signaling
traffic while all of the existing VoIP inspection functions for SCCP
and Session Initiation Protocol (SIP) protocols are preserved. Once
voice signaling is decrypted, the plain-text signaling message is
passed to the existing inspection engines. The security appliance
accomplishes this by acting as a TLS proxy between the IP phone and
Cisco Unified CallManager and Cisco Unified Communications Manager,
which implies that TLS sessions are terminating on the security
appliance. This is done over TCP ports 2443 and 5061.
If the output contains the text tls-proxy: active and some
statistics, then the device has a vulnerable configuration. The
following example shows a vulnerable Cisco ASA Security Appliance:
ASA# show service-policy | include tls
Inspect: sip tls-proxy myproxy, packet 0, drop 0, reset-drop 0
tls-proxy: active sess 0, most sess 0, byte 0
Inspect: skinny tls-proxy myproxy, packet 0, drop 0, reset-drop 0
tls-proxy: active sess 0, most sess 0, byte 0
ASA#
This vulnerability is documented in Cisco Bug ID CSCsm26841 and has
been assigned the Common Vulnerabilities and Exposures (CVE)
identifier CVE-2008-2056.
3. Instant Messenger Inspection Vulnerability
+--------------------------------------------
The Cisco ASA and Cisco PIX Instant Messenger (IM) inspection engine
is used to apply fine grained controls on the IM application usage
within your network.
More information on the IM inspection feature and its configuration
can be found at:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1479354
This vulnerability is documented in Cisco Bug ID CSCso22981 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2008-2057.
4. Certain vulnerability (port) scanners
will cause the system to reload.
Note: This vulnerability is affected by traffic destined to the
device on TCP port 443. The Cisco ASA and Cisco PIX security
appliances use TCP port 443 for Clientless WebVPN, SSL VPN Client,
AnyConnect client connections, HTTPS Management Sessions, Cut-Through
Proxy for Network Access, and TLS Proxy for Encrypted Voice
Inspection. Please refer to the details of the Crafted TLS Packet
Vulnerability for additional information on these services.
This vulnerability is documented in Cisco Bug ID CSCsj60659 and has
been assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-2058.
5. Control-plane Access Control List Vulnerability
+-------------------------------------------------
Control-plane ACLs are designed to protect traffic destined to the
security appliance.
The following example uses the show running-config | include
control-plane command to determine if a control-plane ACL is
configured on the device:
ASA# show running-config | include control-plane
access-group 101 in interface inside control-plane
ASA#
This vulnerability is documented in Cisco Bug ID CSCsm67466 and has
been assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-2059.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsm84110 - Crafted TCP ACK Packet Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsm26841 - Crafted TLS Packet Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCso22981 - Instant Messenger Inspection Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsj60659 - Vulnerability Scan Denial of Service
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsm67466 - Control-plane Access Control List Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the first four vulnerabilities may cause a
reload of the affected device. Repeated exploitation could result in
a sustained Denial-of-Service (DoS) condition. Successful
exploitation of the fifth vulnerability may allow an attacker to
bypass control-plane ACLs and successfully send malicious traffic to
the device.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
The following list contains the first fixed software release of each
vulnerability:
+---------------------------------------+
| | Affected | First |
| Vulnerability | Release | Fixed |
| | | Release |
|---------------+----------+------------|
| | 7.0 | Not |
| | | vulnerable |
| |----------+------------|
| | 7.1 | 7.1(2)70 |
|Crafted TCP |----------+------------|
| ACK Packet | 7.2 | 7.2(4) |
|Vulnerability |----------+------------|
| | 8.0 | 8.0(3)10 |
| |----------+------------|
| | 8.1 | Not |
| | | vulnerable |
|---------------+----------+------------|
| | 7.0 | Not |
| | | vulnerable |
| |----------+------------|
| | 7.1 | Not |
| Crafted TLS | | vulnerable |
|Packet |----------+------------|
| Vulnerability | 7.2 | Not |
| | | vulnerable |
| |----------+------------|
| | 8.0 | 8.0(3)9 |
| |----------+------------|
| | 8.1 | 8.1(1)1 |
|---------------+----------+------------|
| | 7.0 | Not |
| | | vulnerable |
| |----------+------------|
| Instant | 7.1 | Not |
| Messenger | | vulnerable |
|Inspection |----------+------------|
| Vulnerability | 7.2 | 7.2(4) |
| |----------+------------|
| | 8.0 | 8.0(3)10 |
| |----------+------------|
| | 8.1 | 8.1(1)2 |
|---------------+----------+------------|
| | 7.0 | Not |
| | | vulnerable |
| |----------+------------|
| | 7.1 | Not |
| Vulnerability | | vulnerable |
|Scan Denial |----------+------------|
| of Service | 7.2 | 7.2(3)2 |
| |----------+------------|
| | 8.0 | 8.0(2)17 |
| |----------+------------|
| | 8.1 | Not |
| | | vulnerable |
|---------------+----------+------------|
| | 7.0 | Not |
| | | vulnerable |
| |----------+------------|
| | 7.1 | Not |
| Control-plane | | vulnerable |
|Access |----------+------------|
| Control List | 7.2 | Not |
| Vulnerability | | vulnerable |
| |----------+------------|
| | 8.0 | 8.0(3)9 |
| |----------+------------|
| | 8.1 | Not |
| | | vulnerable |
+---------------------------------------+
Fixed PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fix ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
Workarounds
===========
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities and their respective workarounds are
independent of each other.
Crafted TCP ACK Packet Vulnerability
+-----------------------------------
As a workaround and best practice allow Telnet, SSH, and ASDM
connections from only trusted hosts in your network.
Additionally, filters that deny TCP ports 22, 23, 80, and 443 packets
may be deployed throughout the network as part of a transit ACL
(tACL) policy for protection of traffic which enters the network at
ingress access points. This policy should be configured to protect
the network device where the filter is applied and other devices
behind it. Filters for packets using TCP ports 22, 23, 80, and 443
should also be deployed in front of vulnerable network devices so
that traffic is only allowed from trusted clients.
Additional information about tACLs is available in "Transit Access
Control Lists : Filtering at Your Edge":
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Crafted TLS Packet Vulnerability
+-------------------------------
There are no workarounds for this vulnerability.
Instant Messenger Inspection Vulnerability
The only workaround for this vulnerability is to disable IM
inspection on the security appliance.
Port Scan Denial of Service Vulnerability
+----------------------------------------
There are no workarounds for this vulnerability.
Control-plane Access Control List Vulnerability
+----------------------------------------------
There are no workarounds for this vulnerability.
Additional mitigation techniques that can be deployed on Cisco
devices within the network are available in the Cisco Applied
Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080604-asa.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
These vulnerabilities were found during internal testing and during
the troubleshooting of a technical support service request.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2008-June-04 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkhGwG8ACgkQ86n/Gc8U/uAXugCgl3ldbkYO1vTiMqcWSf7NPfNO
oQgAn2DiTO9kCOY0anGos0sdjHU0jAai
=30Rf
-----END PGP SIGNATURE-----
.
4) An unspecified error can be exploited to cause an affected system
to reload via specially crafted network traffic (e.g.
SOLUTION:
Update to fixed versions (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0196 | CVE-2008-2056 | Cisco PIX/ASA of TLS Service disruption in packet processing (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface. Cisco PIX and Cisco ASA are prone to multiple denial-of-service vulnerabilities and an unauthorized-access vulnerability.
An attacker can exploit these issues to bypass ACL lists and to cause an affected device to reboot or crash. Only packets sent to the device, not through the device, can trigger this vulnerability.
1) An unspecified error in the processing of TCP ACK packets can be
exploited to cause a DoS by sending a specially crafted packet to an
affected device.
This vulnerability affects software versions 7.1.x, 7.2.x, and
8.0.x.
2) An unspecified error in the handling of the TLS protocol can be
exploited to cause an affected device to reload by sending a
specially crafted TLS packet to an affected device.
This vulnerability affects software version 8.0.x and 8.1.x.
3) An unspecified error in the Instant Messaging Inspection can be
exploited to cause a DoS.
Successful exploitation requires that Instant Messaging Inspection is
enabled.
This vulnerability affects software versions 7.2.x, 8.0.x, and
8.1.x.
4) An unspecified error can be exploited to cause an affected system
to reload via specially crafted network traffic (e.g. by certain
vulnerability / port scanners) to TCP port 443.
This vulnerability affects software versions 7.2.x and 8.0.x.
5) An unspecified error causes the control-plane access control lists
(ACL) to not work properly, which can be exploited to bypass
configured control-plane ACLs.
This vulnerability affects software versions 8.0.x.
NOTE: Depending on the configuration some of the vulnerabilities are
exploitable via the outside interface (please see the vendor's
advisory for more information).
SOLUTION:
Update to fixed versions (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0197 | CVE-2008-2057 | Cisco PIX/ASA of Instant Messenger (IM) Service disruption in the audit engine (DoS) Vulnerabilities |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet. Cisco PIX and Cisco ASA are prone to multiple denial-of-service vulnerabilities and an unauthorized-access vulnerability.
An attacker can exploit these issues to bypass ACL lists and to cause an affected device to reboot or crash. Cisco ASA and Cisco PIX IM inspection engines are used to apply fine-grained control over IM usage in the network.
1) An unspecified error in the processing of TCP ACK packets can be
exploited to cause a DoS by sending a specially crafted packet to an
affected device.
This vulnerability affects software versions 7.1.x, 7.2.x, and
8.0.x.
2) An unspecified error in the handling of the TLS protocol can be
exploited to cause an affected device to reload by sending a
specially crafted TLS packet to an affected device.
This vulnerability affects software version 8.0.x and 8.1.x.
3) An unspecified error in the Instant Messaging Inspection can be
exploited to cause a DoS.
Successful exploitation requires that Instant Messaging Inspection is
enabled.
This vulnerability affects software versions 7.2.x, 8.0.x, and
8.1.x.
4) An unspecified error can be exploited to cause an affected system
to reload via specially crafted network traffic (e.g. by certain
vulnerability / port scanners) to TCP port 443.
This vulnerability affects software versions 7.2.x and 8.0.x.
5) An unspecified error causes the control-plane access control lists
(ACL) to not work properly, which can be exploited to bypass
configured control-plane ACLs.
This vulnerability affects software versions 8.0.x.
NOTE: Depending on the configuration some of the vulnerabilities are
exploitable via the outside interface (please see the vendor's
advisory for more information).
SOLUTION:
Update to fixed versions (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0198 | CVE-2008-2058 | Cisco PIX/ASA Service disruption in the processing of port scans (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device. interferes with service operation (DoS) There is a possibility of being put into a state. Cisco PIX and Cisco ASA are prone to multiple denial-of-service vulnerabilities and an unauthorized-access vulnerability.
An attacker can exploit these issues to bypass ACL lists and to cause an affected device to reboot or crash. Certain vulnerability/port scanners can cause system overloads.
1) An unspecified error in the processing of TCP ACK packets can be
exploited to cause a DoS by sending a specially crafted packet to an
affected device.
This vulnerability affects software versions 7.1.x, 7.2.x, and
8.0.x.
2) An unspecified error in the handling of the TLS protocol can be
exploited to cause an affected device to reload by sending a
specially crafted TLS packet to an affected device.
This vulnerability affects software version 8.0.x and 8.1.x.
3) An unspecified error in the Instant Messaging Inspection can be
exploited to cause a DoS.
Successful exploitation requires that Instant Messaging Inspection is
enabled.
This vulnerability affects software versions 7.2.x, 8.0.x, and
8.1.x.
4) An unspecified error can be exploited to cause an affected system
to reload via specially crafted network traffic (e.g. by certain
vulnerability / port scanners) to TCP port 443.
This vulnerability affects software versions 7.2.x and 8.0.x.
5) An unspecified error causes the control-plane access control lists
(ACL) to not work properly, which can be exploited to bypass
configured control-plane ACLs.
This vulnerability affects software versions 8.0.x.
NOTE: Depending on the configuration some of the vulnerabilities are
exploitable via the outside interface (please see the vendor's
advisory for more information).
SOLUTION:
Update to fixed versions (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------