VARIoT IoT vulnerabilities database

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. James is prone to a memory leak denial of service vulnerability. This issue occurs during an error condition in the spooler. An attacker can exploit this issue by creating multiple error conditions and eventually consume system resources. Successful exploitation will ultimately crash the application denying service to legitimate users

Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. Kerio Mailserver is prone to a local security vulnerability. Kerio is a security software company that offers a variety of security software. ______________________________________________________________________ Secure Computer Group - University of A Coruna http://research.tic.udc.es/scg/ -- x -- dotpi.com Information Technologies Research Labs http://www.dotpi.com ______________________________________________________________________ ID: #20041214-2 Document title: Insecure default file system permissions on Microsoft versions of Kerio Software Document revision: 1.0 Coordinated release date: 2004/12/14 Vendor Acknowledge date: 2004/11/10 Reported date: 2004/11/08 CVE Name: CAN-2004-1023 Other references: N/A ______________________________________________________________________ Summary: Impact: Privilege escalation System sofware tampering Trojan injection Second-stage attack vector Alter configuration files Rating/Severity: Low Recommendation: Update to latest version Enforce file system ACLs Vendor: Kerio Technologies Inc. Affected software: Kerio WinRoute Firewall (all versions) Kerio ServerFirewall (all versions) Kerio MailServer (all windows versions) Updates/Patches: Yes (see below) ______________________________________________________________________ General Information: 1. Executive summary: ------------------ As a result of its collaboration relationship the Secure Computer Group (SCG) along with dotpi.com Research Labs have determined the following security issue on some Kerio Software. Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer are installed by default under 'Program Files' system folder. No change is done to the ACLs after the installation process. System administrators should enforce ACL security settings in order solve this problem. It is also highly recommended to verify this settings as part of the planning, installation, hardening and auditing processes. New versions of the software solve this an other minor problems so it is upgrade its highly recommended. 2. Technical details: ------------------ Following the latest trends and approaches to responsible disclosure, SCG and dotpi.com are going to withhold details of this flaw for three months. Full details will be published on 2005/03/14. This three month window will allow system administrators the time needed to obtain the patch before the details are released to the general public. 3. Risk Assessment factors: ------------------------ The attacker would need local interactive access to the installation directory. Remote access is also possible but default system settings do not make this easy. The most risky scenarios are the ones in which the server machine is shared among two or more users or those situations where Kerio service management have been delegated to a third party any other than local or domain system administrator. Special care should be taken on such environments and every step of the project: design, planning, deployment and management should consider this security issues. Privilege escalation, system and software tampering and the ability to alter service configuration are all real issues and all of them can be used as a second stage attack vector. 4. Solutions and recommendations: ------------------------------ Enforce the file system ACLs and/or upgrade to the latest versions: o Kerio Winroute Firewall 6.0.9 o Kerio ServerFirewall 1.0.1 o Kerio MailServer 6.0.5 As in any other case, follow, as much as possible, the Industry 'Best Practices' on Planning, Deployment and Operation on this kind of services. 5. Common Vulnerabilities and Exposures (CVE) project: --------------------------------------------------- The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1023 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. ______________________________________________________________________ Acknowledgements: 1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole Technical Team from Kerio Technologies (support at kerio.com) for their quick response and professional handling on this issue. 3. The whole Research Lab at dotpi.com and specially to Carlos Veira for his leadership and support. 3. Secure Computer Group at University of A Coruna (scg at udc.es), and specially to Antonino Santos del Riego powering new research paths at University of a Coruna. ______________________________________________________________________ Credits: Javier Munoz (Secure Computer Group) is credited with this discovery. ______________________________________________________________________ Related Links: [1] Kerio Technologies Inc. http://www.kerio.com/ [2] Kerio WinRoute Firewall Downloads & Updates http://www.kerio.com/kwf_download.html [3] Kerio ServerFirewall Downloads & Updates http://www.kerio.com/ksf_download.html [4] Kerio MailServer Downloads & Updates http://www.kerio.com/kms_download.html [5] Secure Computer Group. University of A Coruna http://research.tic.udc.es/scg/ [6] Secure Computer Group. Updated advisory http://research.tic.udc.es/scg/advisories/20041214-2.txt [7] dotpi.com Information Technologies S.L. http://www.dotpi.com/ [8] dotpi.com Research Labs http://www.dotpi.com/research/ ______________________________________________________________________ Legal notice: Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna Copyright (c) 2004 dotpi.com Information Technologies S.L. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of the authors. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please contact the authors for explicit written permission at the following e-mail addresses: (scg at udc.es) and (info at dotpi.com). Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. _____________________________________________________________________

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. LibTIFF Library TIFFFetchStripThing() Perform memory allocation in functions CheckMalloc() An integer overflow vulnerability exists due to a flaw in the validation of the value passed to the function.LibTIFF Arbitrary code may be executed with the execution authority of the application that uses the library. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA15227 VERIFY ADVISORY: http://secunia.com/advisories/15227/ CRITICAL: Highly critical IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. 1) A boundary error in htdigest can be exploited to cause a buffer overflow by passing an overly long realm argument. NOTE: htdigest is by default only locally accessible and not setuid / setgid. 2) An integer overflow error in the AppKit component when processing TIFF files can be exploited by malicious people to compromise a user's system. For more information: SA13607 3) An error in the AppKit component when parsing certain TIFF images can result in an invalid call to the "NXSeek()" function, which will crash an affected Cocoa application. 4) An error within the handling of AppleScript can be exploited to display code to a user that is different than the code, which will actually run. 5) An error in the Bluetooth support may cause Bluetooth-enabled systems to share files via the Bluetooth file exchange service without notifying the user properly. 6) An input validation error can be exploited to access arbitrary files on a Bluetooth-enabled system using directory traversal attacks via the Bluetooth file and object exchange services. 7) The chfn, chpass, and chsh utilities invoke certain external helper programs insecurely, which can be exploited by malicious, local users to gain escalated privileges. 8) A vulnerability in Finder can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges due to insecure creation of ".DS_Store" files. For more information: SA14188 9) A boundary error within the Foundation framework when handling environment variables can be exploited to cause a buffer overflow and may allow execution of arbitrary code. 10) An error in Help Viewer can be exploited to run JavaScript without the normally imposed security restrictions. 11) A security issue in the LDAP functionality may under certain circumstances result in passwords initially being stored in plain text. 12) Errors within the parsing of XPM files can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA12549 13) An error in lukemftpd can be exploited by malicious users to bypass chroot restrictions. In order to restrict users to their home directory, both their full name and short name must be listed in the "/etc/ftpchroot" file. However, the problem is that users can change their full name and thereby bypass this restriction. 14) A boundary error in the Netinfo Setup Tool (NeST) when processing input passed to the "-target" command line parameter can be exploited by malicious, local users to cause a buffer overflow and execute arbitrary code with escalated privileges on a vulnerable system. 15) When enabling the HTTP proxy service in Server Admin, it is by default possible for everyone (including users on the Internet) to use the proxy service. 16) A vulnerability in sudo within the environment clearing can be exploited by malicious, local users to gain escalated privileges. For more information: SA13199 17) An error in the Terminal utility can be exploited to inject data via malicious input containing escape sequences in window titles. 18) An error in the Terminal utility can be exploited to inject commands into a user's Terminal session via malicious input containing escape characters in x-man-path URIs. SOLUTION: Apply Security Update 2005-005. Security Update 2005-005 (Client): http://www.apple.com/support/downloads/securityupdate2005005client.html Security Update 2005-005 (Server): http://www.apple.com/support/downloads/securityupdate2005005server.html PROVIDED AND/OR DISCOVERED BY: 1) JxT 3) Henrik Dalgaard 4) David Remahl 5) Kevin Finisterre, digitalmunition.com. 6) Kevin Finisterre, digitalmunition.com. 10) David Remahl 13) Rob Griffiths 14) Nico 17) David Remahl 18) David Remahl 19) Pieter de Boer ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=301528 David Remahl: http://remahl.se/david/vuln/004/ http://remahl.se/david/vuln/010/ http://remahl.se/david/vuln/011/ http://remahl.se/david/vuln/012/ digitalmunition.com: http://www.digitalmunition.com/DMA[2005-0502a].txt iDEFENSE: http://www.idefense.com/application/poi/display?id=239&type=vulnerabilities OTHER REFERENCES: SA12549: http://secunia.com/advisories/12549/ SA13199: http://secunia.com/advisories/13199/ SA13607: http://secunia.com/advisories/13607/ SA14188: http://secunia.com/advisories/14188/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access. Asante FM2008 managed Ethernet switches contain a default backdoor account vulnerability. Note that these credentials aren't usable in the web administration interface, but only in the telnet or serial interfaces. Asante FM2008 v01.06 switches are vulnerable; other devices may be vulnerable as well

The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access. FM2008 Managed Ethernet Switch is prone to a remote security vulnerability

Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. It is reported that vulnerable Unity systems contain default user accounts and passwords that can be used by an attacker to gain unauthorized access. This issue only arises when Unity is integrated with Microsoft Exchange. Unauthorized attakers may use these accounts to gain administrative access to vulnerable systems. Some accounts can allow attackers to disclose messages going to and from external voicemail systems. When used in conjunction with Exchange, there are multiple default username/password combinations. These default accounts are: EAdmin<systemid> UNITY_<servername> UAMIS_<servername> UOMNI_<servername> UVPIM_<servername> ESubsubscriber Accessible management interface with EAdmin <systemid> for application control. Any incoming or outgoing messages can be read using UNITY_<servername>, UAMIS_<servername>, UOMNI_<servername> or UVPIM_<servername>

Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. Kerio WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer are all reported prone to a design flaw. It is reported that these products store credentials in a local database store, these credentials are obscured using an unspecified symmetric encryption algorithm. Reports indicate that a universal secret key is employed to extract plain text from the credential hashes; this presents a security risk because the universal secret key is stored in the WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer binaries. Kerio is an Internet security software company whose main products include firewall and mail system. ______________________________________________________________________ Secure Computer Group - University of A Coruna http://research.tic.udc.es/scg/ -- x -- dotpi.com Information Technologies Research Labs http://www.dotpi.com ______________________________________________________________________ ID: #20041214-1 Document title: Insecure Credential Storage on Kerio Software Document revision: 1.0 Coordinated release date: 2004/12/14 Vendor Acknowledge date: 2004/10/06 Reported date: 2004/10/01 CVE Name: CAN-2004-1022 Other references: N/A ______________________________________________________________________ Summary: Impact: Insecure Credential Storage Rating/Severity: Medium Recommendation: Update to latest version Vendor: Kerio Technologies Inc. Affected software: Kerio WinRoute Firewall (all versions) Kerio ServerFirewall (all versions) Kerio MailServer (all versions) Updates/Patches: Yes (see below) ______________________________________________________________________ General Information: 1. Executive summary: ------------------ As a result of its collaboration relationship the Secure Computer Group (SCG) along with dotpi.com Research Labs have determined this security issue on Kerio WinRoute Firewall (KWF), Kerio ServerFirewall (KSF) and Kerio MailServer (KMS). Anyone with a cyphertext of this database (that is, with access to the configuration files) could reverse the encryption using a universal secret key hidden into the program logic. New versions of the software solve this and other minor problems so it is upgrade its highly recommended. 2. Technical details: ------------------ Following the latest trends and approaches to responsible disclosure, SCG and dotpi.com are going to withhold details of this flaw for three months. Full details will be published on 2005/03/14. This three month window will allow system administrators the time needed to obtain the patch before the details are released to the general public. 3. Risk Assessment factors: ------------------------ The attacker needs access to the user database, which is not normally a usual condition on a properly hardened firewall and/or mail server. Despite this, special care should be taken on shared environments where more than one technical staff work together on the firewall and/or the mail server. This kind of scenarios offer a potential opportunity for the insiders on the work of stealing identities and, therefore, breaking access control measures. It is also important to note that this could be an important second-stage resource for a successful attacker on an already compromised firewall and/or mail server. 4. Solutions and recommendations: ------------------------------ Upgrade to the latest versions: o Kerio Winroute Firewall 6.0.9 o Kerio ServerFirewall 1.0.1 o Kerio MailServer 6.0.5 As in any other case, follow, as much as possible, the Industry 'Best Practices' on Planning, Deployment and Operation on this kind of services. Note: Kerio Winroute Firewall 6.0.7 fixed CAN-2004-1022. Kerio Winroute Firewall 6.0.9 is the current version fixing CAN-2004-1022 and CAN-2004-1023 5. Common Vulnerabilities and Exposures (CVE) project: --------------------------------------------------- The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1022 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. ______________________________________________________________________ Acknowledgements: 1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole Technical Team from Kerio Technologies (support at kerio.com) for their quick response and professional handling on this issue. 3. The whole Research Lab at dotpi.com and specially to Carlos Veira for his leadership and support. 3. Secure Computer Group at University of A Coruna (scg at udc.es), and specially to Antonino Santos del Riego powering new research paths at University of a Coruna. ______________________________________________________________________ Credits: Javier Munoz (Secure Computer Group) is credited with this discovery. ______________________________________________________________________ Related Links: [1] Kerio Technologies Inc. http://www.kerio.com/ [2] Kerio WinRoute Firewall Downloads & Updates http://www.kerio.com/kwf_download.html [3] Kerio ServerFirewall Downloads & Updates http://www.kerio.com/ksf_download.html [4] Kerio MailServer Downloads & Updates http://www.kerio.com/kms_download.html [5] Secure Computer Group. University of A Coruna http://research.tic.udc.es/scg/ [6] Secure Computer Group. Updated advisory http://research.tic.udc.es/scg/advisories/20041214-1.txt [7] dotpi.com Information Technologies S.L. http://www.dotpi.com/ [8] dotpi.com Research Labs http://www.dotpi.com/research/ ______________________________________________________________________ Legal notice: Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna Copyright (c) 2004 dotpi.com Information Technologies S.L. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of the authors. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please contact the authors for explicit written permission at the following e-mail addresses: (scg at udc.es) and (info at dotpi.com). Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. _____________________________________________________________________

Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss). Multiple unspecified remote vulnerabilities reportedly affect Kerio's WinRoute Firewall. These issues are likely due to design errors and a failure or the application to properly handle malformed network data, although this is not verified. The first issue is a remote denial of service that may cause the affected computer to crash or hang. The second issue is a DNS cache poisoning vulnerability. The final issue is an information disclosure vulnerability. An attacker may exploit these issues to gain access to otherwise restricted information and manipulate the DNS cache of the affected firewall, potentially facilitating further attacks against the affected network. Also an attacker may leverage these issues to cause the affected computer to crash or hang, facilitating a denial of service condition. TITLE: Kerio WinRoute Firewall Unspecified DNS Cache Poisoning Vulnerability SECUNIA ADVISORY ID: SA13374 VERIFY ADVISORY: http://secunia.com/advisories/13374/ CRITICAL: Moderately critical IMPACT: Spoofing, Manipulation of data WHERE: >From remote SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/ DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to an unspecified error and can be exploited to insert fake information in the DNS cache. The vulnerability has been reported in version 6.0.8. Prior versions may also be affected. NOTE: Other issues have also been fixed, where some may be security related. SOLUTION: Update to version 6.0.9. http://www.kerio.com/kwf_download.html PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. This issue may allow a remote attacker to carry out phishing style attacks. This issue arises as a user visits a malicious site and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a pop up window from the trusted site that can be influenced by the attacker's site. If successful, the contents of the target site's window can be spoofed resulting in phishing style attacks. Safari is a browser of Apple Corporation. Safari 1.x has a window hijacking vulnerability. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. This is related to: SA11978 Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ The vulnerability has been confirmed in Safari version 1.2.4. Other versions may also be affected. SOLUTION: Do not browse untrusted sites while browsing trusted sites. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: http://secunia.com/secunia_research/2004-13/advisory/ OTHER REFERENCES: SA11978: http://secunia.com/advisories/11978/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. A local privilege escalation vulnerability reportedly affects Adobe Version Cue. This issue is due to a failure of the application to validate its environment, allowing an attacker to run arbitrary script code. It should be noted that this issue reportedly only affects Adobe Version Cue on Mac OS X platforms. An attacker may exploit this issue to have arbitrary scripts run with superuser privileges. This will facilitate privileges escalation

Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory

The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence.". Cisco CNS Network Registrar is a DNS/DHCP server offered by Cisco. It is available for Microsoft Windows, UNIX, and Linux platforms. These issues affect the Domain Name Service and Dynamic Host Configuration Protocol server components of the CNS Network Registrar. It is reported that an attacker may cause a crash by sending a specially crafted packet sequence to an affected server. These vulnerabilities only affect Cisco CNS Network Registrar for the Microsoft Windows platform. The first issue affects CNS Network Registrar versions 6.0 upto and including 6.1.1.3 and the second issue affects all versions including 6.1.1.3

Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed. Mac OS X is an operating system used on Mac machines, based on the BSD system. A denial of service vulnerability exists in Safari 1.2.4 in Mac OS X version 10.3.6

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system. Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive. It is reported that the software does not filter certain ZIP archives. Exploitation of this vulnerability may result in a false sense of security and in the execution of malicious applications. The vulnerability does not prevent compressed files from being opened on the target system. TITLE: F-Secure Products Zip Archive Virus Detection Bypass Vulnerability SECUNIA ADVISORY ID: SA13263 VERIFY ADVISORY: http://secunia.com/advisories/13263/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: F-Secure Internet Security 2005 http://secunia.com/product/4300/ F-Secure Internet Security 2004 http://secunia.com/product/3499/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Samba Servers 4.x http://secunia.com/product/3501/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Firewalls 6.x http://secunia.com/product/451/ F-Secure Anti-Virus Client Security 5.x http://secunia.com/product/2718/ F-Secure Anti-Virus 5.x http://secunia.com/product/3334/ F-Secure Anti-Virus 2005 http://secunia.com/product/4299/ F-Secure Anti-Virus 2004 http://secunia.com/product/3500/ DESCRIPTION: A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass certain scanning functionality. The vulnerability is caused due to an error when parsing ".zip" archives and can be exploited via a specially crafted ".zip" archive, which the scanner incorrectly calculates be of zero length. Successful exploitation causes malware in a specially crafted ".zip" archive to bypass the scanning functionality. NOTE: This is not a critical issue on client systems, as the malware still is detected when it is extracted. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2004-3.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. ZyXEL Prestige router series is reported prone to an access validation vulnerability. A remote attacker may exploit this vulnerability to reset the configuration of the router

iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms. It is reported that when importing an Apple iCal calendar, iCal fails to warn an end user if the calendar contains an alarm. This may result in a victim importing a calendar that is believed to be safe when in reality the calendar contains malicious alarm entries

Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic. This issue is due to a failure of the application to handle anomalous network traffic. An attacker may leverage this issue to cause the affected router to crash, denying service to legitimate users

Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. Ipswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. Archive::Zip does not properly parse Zip files and may incorrectly interpret malformed zip archives to contain zero length/size files. As a a result, anti-virus software using Archive::Zip may fail to detect malicious content within a Zip archive. Archive::Zip is a free perl module for working with zip compressed files. Archive::Zip versions prior to 1.14 have security bypass vulnerabilities when used in antivirus programs

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. A restricted command execution bypass vulnerability affects GratiSoft's Sudo application. This issue is due to a design error that causes the application to fail to properly sanitize user-supplied environment variables. An attacker with sudo privileges may leverage this issue to execute commands that are explicitly disallowed. This may facilitate privileges escalation and certainly leads to a false sense of security