VARIoT IoT vulnerabilities database

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile. vtiger CRM is prone to a remote security vulnerability

Intuity Audix LX is a powerful multimedia messaging server. Multiple CGI perl scripts in the /html/cswebadm/basic/cgibin/ directory of Intuity Audix LX do not properly validate user-submitted parameter requests, and remote attackers can execute arbitrary code by submitting HTTP POST requests; The url parameter of /cgi-bin/smallmenu.pl may cause cross-site scripting attacks; the use of tokenization protection management changes when logging into the web interface may result in cross-site request forgery attacks. Avaya Intuity Audix LX is prone to multiple remote vulnerabilities, including: 1. Multiple remote command-execution vulnerabilities 2. A cross-site request-forgery vulnerability 3. A cross-site scripting vulnerability Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system, steal cookie-based authentication credentials, execute arbitrary script code, and perform administrative tasks. Other attacks are also possible

include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view. vtiger CRM is prone to a security bypass vulnerability

vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors. vtiger CRM is prone to a remote security vulnerability

Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files. A remote attacker can use (1) module parameters to graph.php; or (2) modules or (3) include/Ajax/CommonAjax.php from modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax

Nginx is a multi-platform HTTP server and mail proxy server. Nginx maintains an internal DNS cache for the parsed domain name, but in the search cache, nginx only checks if the name's crc32 matches and the short name is a long name prefix, but does not check if the names are equal in length. If nginx is configured as a proxy cache, the remote attacker can spoof the domain name through DNS poisoning attacks, tricking the user into believing that the domain name being accessed is legitimate. This issue can be exploited when nginx is configured to act as a forward proxy, but this is a nonstandard and unsupported configuration. Attacks against other configurations may also be possible. Successful exploits may allow remote attackers to intercept traffic intended for legitimate websites, which may aid in further attacks

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. (1) support_param.html/config To script Apply In action Product_URL Parameters (2) support_param.html/config To script Apply In action Tech_URL Parameters. Multiple HP printers are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01841397 Version: 1 HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS). References: CVE-2009-2684 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-2684 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to security-alert@hp.com. Affected Products - Jetdirect Product Jetdirect Part Number Jetdirect Version or later HP Color LaserJet 3000n J7949E V.28.XX HP Color LaserJet CP3505 J7987E V.34.60 HP Color LaserJet 3600n J7973E V.30.31 HP Color LaserJet 3800n J7949E V.28.XX HP Color LaserJet 4700n J7949E V.28.XX HP Color LaserJet CP4005n J7990E V.33.41 HP LaserJet 2410/2420/2430n J7949E V.28.XX HP LaserJet P3005n J7979E V.33.55 HP LaserJet 4240/4250n J7949E V.28.XX HP LaserJet 4350n J7949E V.28.XX HP LaserJet 5200n J7949E V.28.XX HP LaserJet 9040n/9050n J7949E V.28.XX HP Color LaserJet 4730 MFP J7949E V.28.XX HP Color LaserJet CM4730 MFP J7991E V.34.60 HP LaserJet 9040/9050MFP J7949E V.28.XX HP LaserJet M3027/3035 MFP J7982E V.34.08 HP LaserJet 4345 MFP J7949E V.28.XX HP LaserJet M4345x MFP J7982E V.34.08 HP LaserJet M5025/5035 MFP J7982E V.34.08 HP CM8050/8060 MFP J7974E V.34.40 HP DS9200c Digital Sender J7949E V.28.XX HP DS9250c Digital Sender J7992E V.34.12 HP LaserJet P4515 J8003E V.36.35 HP LaserJet P4015 J8003E V.36.35 HP LaserJet P4014 J8006E V.36.35 HP Color LaserJet CP6015 J7993E V.36.35 HP Color LaserJet 6040 MFP J7993E V.36.35 HP LaserJet M9040/50 MFP J8004E V.36.35 Affected Products - Embedded Web Server (EWS) Product HP Color LaserJet 3000n HP Color LaserJet CP3505 HP Color LaserJet 3600n HP Color LaserJet 3800n HP Color LaserJet 4700n HP Color LaserJet CP4005n HP LaserJet 2410/2420/2430n HP LaserJet P3005n HP LaserJet 4240/4250n HP LaserJet 4350n HP LaserJet 5200n HP LaserJet 9040n/9050n HP Color LaserJet 4730 MFP HP Color LaserJet CM4730 MFP HP LaserJet 9040/9050MFP HP LaserJet M3027/3035 MFP HP LaserJet 4345 MFP HP LaserJet M4345x MFP HP LaserJet M5025/5035 MFP HP CM8050/8060 MFP HP DS9200c Digital Sender HP DS9250c Digital Sender HP LaserJet P4515 HP LaserJet P4015 HP LaserJet P4014 HP Color LaserJet CP6015 HP Color LaserJet 6040 MFP HP LaserJet M9040/50 MFP Note: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting RESOLUTION The following steps can be taken to limit the exposure to the XSS vulnerabilities. set the administrator password use a new browser instance for administrator tasks do not access other web sites while performing administrator tasks exit the browser when administrator tasks are complete PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) - 7 October 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (HP-UX) iEYEARECAAYFAkrMkcsACgkQ4B86/C0qfVkloACeJjXFqi/GNPBY7Z/Zn5bkBchG RhUAoInJdnRoqTTCkgJqrss2Etcz9ool =xes/ -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: KSP Sound Player "m3u" Playlist Buffer Overflow SECUNIA ADVISORY ID: SA36621 VERIFY ADVISORY: http://secunia.com/advisories/36621/ DESCRIPTION: hack4love has discovered a vulnerability in KSP Sound Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of "m3u" files. This can be exploited to cause a stack-based buffer overflow when a user is tricked into opening a specially crafted "m3u" playlist file containing an overly long entry. Successful exploitation allows execution of arbitrary code. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: hack4love ORIGINAL ADVISORY: http://milw0rm.com/exploits/9624 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Input passed via the "Product_URL" and "Tech_URL" parameters to support_param.html/config is not properly sanitised before being used. SOLUTION: Filter malicious characters and character sequences in a web proxy. See the vendor's advisory for recommended workarounds. Details ******* Multiple Linked Stored XSS vulnerabilities found in script support_param.html/config Attacker can inject XSS in parameters "Product_URL" and "Tech_URL". http://dsecrg.ru/pages/vul/show.php?id=148 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01841397 About ***** Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website. Contact: research [at] dsecrg [dot] com http://www.dsecrg.com Polyakov Alexandr Information Security Analyst ______________________ DIGITAL SECURITY phone: +7 812 703 1547 +7 812 430 9130 e-mail: a.polyakov@dsec.ru www.dsec.ru ----------------------------------- This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have received this message in error, please notify the sender immediately either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding statements by e-mail unless otherwise agreed. -----------------------------------

GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). Greensql Firewall is prone to a sql-injection vulnerability

Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities that could allow an attacker to execute arbitrary commands.A remote attacker could execute arbitrary commands.

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 0.7.62 *>= 0.5.38 *>= 0.6.39 >= 0.7.62 Description =========== Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx 0.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38 All nginx 0.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39 All nginx 0.7.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62 References ========== [ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200909-18.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1884-1 security@debian.org http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : nginx Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2009-2629 Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2. For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3. We recommend that you upgrade your nginx packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb Size/MD5 checksum: 185032 15212749985501b223af7888447fc433 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43 arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH =Xrul -----END PGP SIGNATURE-----

The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog. Apple Xsan is prone to an information-disclosure vulnerability affecting the Xsan Admin component. Successful exploits may allow attackers with physical access to an affected computer to obtain password data. Information harvested may aid in launching further attacks. Versions prior to Xsan 2.2 are vulnerable. Xsan is an enterprise-class storage network solution, and Xsan Admin is an application for simplifying SAN management. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Xsan Admin Connection URL Username/Password Disclosure SECUNIA ADVISORY ID: SA36673 VERIFY ADVISORY: http://secunia.com/advisories/36673/ DESCRIPTION: A security issue has been reported in Xsan, which may disclose sensitive information to malicious people with physical access to a system. Any person able to see the user's display could gain knowledge of this information. SOLUTION: Update to version 2.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Greisler, Kadimac Corp Macintosh Integrators. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3797 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. The Safari browser on the Apple iPhone is prone to a denial-of-service vulnerability. Successfully exploiting this issue may allow attackers to crash the application. This issue affects Apple iPhone 3.0.1; other versions may be vulnerable as well. iPhone is a smartphone released by Apple

The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723. Siemens Gigaset SE361 WLAN is prone to a denial-of-service vulnerability. Successful exploits will cause an affected device to crash and reboot, denying service to legitimate users. This issue affects firmware 1.00.2 and prior versions. Gigaset SE361 WLAN is a small wireless router. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Gigaset SE361 WLAN Denial of Service Vulnerability SECUNIA ADVISORY ID: SA36697 VERIFY ADVISORY: http://secunia.com/advisories/36697/ DESCRIPTION: crashbrz has reported a vulnerability in Gigaset SE361 WLAN, which can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Restrict local network access to trusted users only. PROVIDED AND/OR DISCOVERED BY: crashbrz ORIGINAL ADVISORY: http://milw0rm.com/exploits/9646 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Gigaset SE361 WLAN is a small wireless router.  A remote attacker can cause the device to restart by sending a large number of TCP packets to Gigaset SE361 WLAN port 1723.

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability that affects the ColorSync component. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. The following versions are affected: Mac OS X 10.4.11 and prior Mac OS X Server 10.4.11 and prior Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Integer overflow vulnerabilities exist in Mac OS X and Safari systems running on Windows platforms. For more information see vulnerability #4 in: SA36701 2) An error exists when handling an "Open Image in New Tab", "Open Image in New Window", or "Open Link in New Tab" shortcut menu action performed on a link to a local file. This can be exploited to load a local HTML file and disclose sensitive information by tricking a user into performing the affected actions within a specially crafted webpage. 3) An error exists in WebKit when sending "preflight" requests originating from a page in a different origin. This can be exploited to facilitate cross-site request forgery attacks by injecting custom HTTP headers. 5) An error in WebKit when handling an HTML 5 Media Element on Mac OS X can be exploited to bypass remote image loading restrictions via e.g. HTML-formatted emails. NOTE: Some errors leading to crashes, caused by the included libxml2 library, have also been reported. SOLUTION: Update to version 4.0.4. PROVIDED AND/OR DISCOVERED BY: 1-3, 5) Reported by the vendor. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to perform man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain credentials or other sensitive information or give users a false sense of security. Information harvested may aid in further attacks. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text

Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502. Phoenix Contact FL IL 24 BK-PAC There is a service disruption ( hang ) There is a vulnerability that becomes a condition.Service disruption by a third party via: ( hang ) There is a possibility of being put into a state. (1) Unspecified operation (2) TCP port 502 Malformed input to

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability that affects the CoreGraphics component. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. The following versions are affected: Mac OS X 10.4.11 and prior Mac OS X Server 10.4.11 and prior Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues.". Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the ImageIO component. Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. These issues affect the following: Mac OS X 10.4.11 and prior Mac OS X Server 10.4.11 and prior Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: These issues were previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but have been assigned their own record to better document them. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. The following versions are affected: Mac OS X 10.4.11 and prior Mac OS X Server 10.4.11 and prior Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------