VARIoT IoT vulnerabilities database

Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. Apple's ImageIO component is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Mac OS X 10.5 through 10.5.7, Mac OS X Server 10.5 through 10.5.7, and Apple Safari prior to 4.0.3. NOTE: This vulnerability was previously documented in BID 35954 (Apple Mac OS X 2009-003 Multiple Security Vulnerabilities) but has been given its own record to better document the issue. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. For more information: SA28923 SOLUTION: Update to Mac OS X v10.5.8 or apply Security Update 2009-003. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. Apple GarageBand is prone to an information-disclosure vulnerability. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in tracking a user's web activities. This issue affects versions prior to GarageBand 5.1 for Mac OS X 10.5.7. Apple GarageBand is a set of music production software from Apple (Apple). ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple GarageBand Web Activity Tracking Disclosure SECUNIA ADVISORY ID: SA36114 VERIFY ADVISORY: http://secunia.com/advisories/36114/ DESCRIPTION: A security issue has been reported in GarageBand, which can be exploited by malicious people to gain knowledge of sensitive information. The problem is caused due to Safari's preferences being changed to always accept cookies when opening GarageBand. This could allow third parties and advertisers to track a user's web activity. SOLUTION: Update to version 5.1. http://support.apple.com/downloads/GarageBand_5_1 NOTE: Users of previous versions should also check that their Safari preferences are set as desired. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3732 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SSL A vulnerability that impersonates a server exists. The problem is CVE-2009-2408 The problem is related to.By attackers, through a crafted certificate SSL There is a possibility of impersonating a server. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. UPDATE (October 5, 2009): The vendor states that Safari on Mac OS X is not affected by this issue. This vulnerability is related to CVE-2009-2408

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. The NSS library is used by a number of applications, including Mozilla Firefox, Thunderbird, and SeaMonkey. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. NOTE (August 6, 2009): This BID had included a similar issue in Fetchmail, but that issue is now documented in BID 35951 (Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability). If a malicious user requests a certificate from a hostname with an invalid null character, most CAs will issue a certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name, Using a null character before the portion of validation allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship. An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid (CVE-2011-3365). Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-810-1 August 04, 2009 nss vulnerabilities CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnss3-1d 3.12.3.1-0ubuntu0.8.04.1 Ubuntu 8.10: libnss3-1d 3.12.3.1-0ubuntu0.8.10.1 Ubuntu 9.04: libnss3-1d 3.12.3.1-0ubuntu0.9.04.1 After a standard system upgrade you need to restart an applications that use NSS, such as Firefox, to effect the necessary changes. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz Size/MD5: 37286 f4041d128d758f5506197b1cf0f1214f http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc Size/MD5: 2012 401475ce9f7efa228d7b61671aa69c11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 18232 49a5581a19be7771ecdc65fb943e86d7 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3166090 074734f6e0fd51257999bdc0e38010f3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 257780 f6d735c7c95478fe2992178e0d7781d4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 312528 05d78cad52b8c5464350c9b191528e0e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 18200 2c088a165372b431416a5b6d9f54b80b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 3012554 50978f6f10b9f4c3918822d864d41aed http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 254880 c2151ff8a86f4119fcefa1f6c9ee7add http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 295096 f6fde2292ca35df9e6cac822d158e512 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 18190 cbc624cedbae82a39d3c47aaa8ffee38 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3041822 533fda14ea785417cababc58419a8fec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1016224 1ed477ec2ffe3ac642cb7c29413842ab http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 253574 b9756509dcdeea8433a0f6bbe2dc27b7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 292466 55f2cf8c33f19f17cae613aca3ce71c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 20678 a26907dda711e1d13e8d597bee4689e0 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3125800 102117180150342cecff38e653963f66 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1143852 f96cab41f4bf24cf4fa4686b3a963464 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 256600 e19a891112bea8df4f27fe569da9c951 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 324934 9aaac74bc3f6ec7f990f78d556c5ec09 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 18292 7e17d87ea08f93759ed7784705d82453 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 2834720 02b6284e651dcf2e6556378dcb730689 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 1019944 ee1829f9195609b3912994fc76788243 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 251578 09583a51b0814b53959af6d79a1b4f8c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 299484 0d12ed86aae10c56300bd7cefb2884ef Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz Size/MD5: 32769 d4e1fb5ca38687ad1e7532c457febc11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc Size/MD5: 2012 f98ccd513ae480ac7b56d7a4793758d3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3310610 9f8e4b95d1019e3956a88745ce3888c4 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 1195070 21daa67a1f51cc4a942e41beb2da001f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 257586 89d972c2b67679eca265abac76d0687d http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 18296 8c1d95902c4f0e85c47a3ca941f0b48a http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 317026 11f10cc940951638cf5cac0e6e2f7ded i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 1076898 59318f3e92b12686695704ef33074dc0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 254686 b0dc3ec378ea87afff4a6d46fafca34f http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 18248 7a86d451f0cc722f66ca51f9894c81e2 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 300214 88f4442427f4ad5b1e507f24a872d7d5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3173686 65714f22fc4908727cd58fa917cff249 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 1050748 c55a36fa65b311364ddfc5f9bcacc3e9 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 253226 0b49775e55163a5c6fa22fba288eded7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 18220 8fd881d7744299014a919437d9edaf87 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 296154 fce2927b08d43ba6d2188bf927dfb4d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3284430 e411ebc5e3848a9a28fdb7bcf55af833 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 1165792 f6a9ba644f3fb0cd888bf4b425522633 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 256434 19a95ab61e462058ecaf05cbebd11c8a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 20666 abe014ba1940180af1051006e4d293fd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 320710 0f3c730279a7e731e72986d15fa2fcc2 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 2942578 3d396922de5283db749fd41036403ead http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 1038356 9d291947a8ef7d02c8c1a9746c1309d4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 251226 c09de8036a434e93488b5c1b77108246 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 18380 0d18623f50973af22fd4e44e0d042bf4 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 301438 430f4a9aef7a540fac80629656572ea9 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz Size/MD5: 35980 b64ec10add3d7fbbc7335b0f85b9fb00 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc Size/MD5: 2012 a889688996d5530e8bf1eb181683137e http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3309788 d48afcfa4139fe94b4c0af67c8d9c850 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1196740 7ace44202680241529edaeb226d0dec1 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 258240 54d581c61ba7608526790263545e1b1c http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17404 bfbb39c275bb15dcef644991c6af7e7b http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 317668 9d55ed9607359667cf963e04ccb834d5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 3137602 af5d5d420c440bf53de79f8952ee17d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 1078336 706162a5436e733e4ce57d51baf163fb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 255338 140b54235689f93baa3971add5401a42 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 17412 fb6ca266988f45378c41455fa5207a85 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 300808 7b06b74c327641634d4f8f1f61b7d432 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3171676 ad44dc80ef0066d3da2edede234b0210 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1052136 727ab68dd03bec2ae01b4611c5f98309 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 253840 15198ca066b229b42ced8cb5f4307a53 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17408 fdf85ab9c62a3d3999d4f49bf0172243 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3282216 5399927c4f40c9369fcb58d3038cc3ec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1167866 477cd3a3cb2ec7c5cf791208e096de93 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 257080 85844f856588609fba74ec37044f9c35 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17410 98059af1adbd24026a4dab4faa27ddd1 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 321372 b7afef4b3c7dc27dceb12668458629d8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2942004 2e8c7c62ef1119b9326564fe50389b8d http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1039416 ad6d7c7f3a2301c7e46a1102098fdbaf http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 251874 4a70da68d8ae2e444b7aaf6836d50eba http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17410 9921067423eeb95bea428bf9f471559c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 301814 302527f9bbcb164d12b13d25719a9ab9 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2025-1 security@debian.org http://www.debian.org/security/ Steffen Joeris March 31, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : icedove Vulnerability : several vulnerabilities Problem type : remote Debian-specific: no CVE IDs : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2010-0163 Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate (MFSA 2009-42). CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names (MFSA 2009-43). CVE-2009-2463 monarch2020 discovered an integer overflow n a base64 decoding function (MFSA 2010-07). CVE-2009-3072 Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07). CVE-2009-3075 Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07). CVE-2010-0163 Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code (MFSA 2010-07). For the stable distribution (lenny), these problems have been fixed in version 2.0.0.24-0lenny1. Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available. For the testing distribution squeeze and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your icedove packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc Size/MD5 checksum: 1668 111c1a93c1ce498715e231272123f841 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz Size/MD5 checksum: 103260 4661b0c8c170d58f844337699cb8ca1a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 3723382 12c7fe63b0a5c59680ca36200a6f7d20 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 61132 c0f96569d4ea0f01cff3950572b3dda9 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 3937168 de9dda16f94e696de897bec6c8d45f90 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 59114 fae947071c0de6ebce316decbce61f9a arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 3929902 5ab6f673b34770278270fb7862986b0b http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 53746 c9c53e8a42d85fe5f4fa8e2a85e55629 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 3944678 2a9dc50b61420b4fdf8f3a4d378bb484 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 60554 7dcd739363cff3cc4bda659b82856536 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 54838 101de9e837bea9391461074481bf770f http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 3924810 6ecf3693cce2ae97fd0bbdafc1ff06f6 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 56543048 73d1684cf69bed0441393abb46610433 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 3756914 615afd30bf893d2d32bbacedf1f7ff8e http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 16545566 0444c7198e94ab59e103e60bf86a2aa2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 66302 f8800140b3797d4a4267a5dac0043995 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 57199564 5df5808f91ecdf6ac49f0e922b1a0234 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 12112586 4b40106b68670c726624348c0cb8bd1f http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 59511730 226cdd43af9dffb4132002044120769c http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 56670 72e58731ac68f2c599704a3e7ca45d4c http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 3942470 e8454d41a095226a2d252f10da795d96 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkuzCYEACgkQ62zWxYk/rQfEoQCfZP1v8IKG5mZvqvpREtfgpHLH mSkAn3Irm0DPIBkS/Zqz2dMfEVSq96IU =gE9m -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. Background ========== Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11" All users of the Mozilla Firefox binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"= All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11" All users of the Mozilla Thunderbird binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11" All Mozilla SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1" All users of the Mozilla SeaMonkey binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14" All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14" The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package: # emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11" The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package: # emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"= The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package: # emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11" The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package: # emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11" Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: # emerge --unmerge "www-client/icecat" Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: # emerge --unmerge "net-libs/xulrunner" Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: # emerge --unmerge "net-libs/xulrunner-bin" References ========== [ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201301-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Network Security Services Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36093 VERIFY ADVISORY: http://secunia.com/advisories/36093/ DESCRIPTION: Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system. 1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate. 2) An error exists in the parsing of certain certificate fields, which can be exploited to e.g. get a client to accept a specially crafted certificate by mistake. SOLUTION: Update to version 3.12.3 or later. PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Moxie Marlinspike 2) Dan Kaminsky ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=512912 https://bugzilla.redhat.com/show_bug.cgi?id=510251 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This update fixes these vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:198 http://www.mandriva.com/security/ _______________________________________________________________________ Package : firefox Date : August 7, 2009 Affected: 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Security issues were identified and fixed in firefox 3.0.x: Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location (CVE-2009-2654). IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions (CVE-2009-2408). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.13 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a6822ef829b5dc2a49155770fc10cc20 2009.0/i586/beagle-0.3.8-13.14mdv2009.0.i586.rpm 2db822d3c7e73ac60ad781499e6ec251 2009.0/i586/beagle-crawl-system-0.3.8-13.14mdv2009.0.i586.rpm b0441b626197cb5d6e3444a3d482e79a 2009.0/i586/beagle-doc-0.3.8-13.14mdv2009.0.i586.rpm 5672bbd66911b997af8c84dbf7751bb5 2009.0/i586/beagle-epiphany-0.3.8-13.14mdv2009.0.i586.rpm e45dce0afc5f79b3744923edbb45d527 2009.0/i586/beagle-evolution-0.3.8-13.14mdv2009.0.i586.rpm 15b7970e50d9f5c47ddbf6e21f2bd782 2009.0/i586/beagle-gui-0.3.8-13.14mdv2009.0.i586.rpm a23bca93271243b989ea7afa3e898aca 2009.0/i586/beagle-gui-qt-0.3.8-13.14mdv2009.0.i586.rpm 9be046a4ddc0162ba1511715e08802ff 2009.0/i586/beagle-libs-0.3.8-13.14mdv2009.0.i586.rpm 2d60bf05386502d9fbb550f0bac1331b 2009.0/i586/devhelp-0.21-3.9mdv2009.0.i586.rpm 6bb27bb53d3bda021ceed7710d195338 2009.0/i586/devhelp-plugins-0.21-3.9mdv2009.0.i586.rpm 96e1d0f9d5c46a61a69c8a160285c92f 2009.0/i586/epiphany-2.24.0.1-3.11mdv2009.0.i586.rpm 36a0963341309cf3d0decf116c1a2668 2009.0/i586/epiphany-devel-2.24.0.1-3.11mdv2009.0.i586.rpm fef5d1610ade943011b36a0482e9043d 2009.0/i586/firefox-3.0.13-0.1mdv2009.0.i586.rpm 374b38801f273b8714be2782ac2e37c1 2009.0/i586/firefox-af-3.0.13-0.1mdv2009.0.i586.rpm f981898248d140a9b91619a690055c6f 2009.0/i586/firefox-ar-3.0.13-0.1mdv2009.0.i586.rpm cf01b3a96527899aad4f323c042c3ade 2009.0/i586/firefox-be-3.0.13-0.1mdv2009.0.i586.rpm 6fa86a03cb638ff49a28ac1073917df1 2009.0/i586/firefox-bg-3.0.13-0.1mdv2009.0.i586.rpm 089fda6b705c8a9abd994c819058f1c8 2009.0/i586/firefox-bn-3.0.13-0.1mdv2009.0.i586.rpm 8543e4eae4ce95e6eb32813bc1bc01fc 2009.0/i586/firefox-ca-3.0.13-0.1mdv2009.0.i586.rpm 4722b78b978a9f82de71d56fa0274ad4 2009.0/i586/firefox-cs-3.0.13-0.1mdv2009.0.i586.rpm 595d817763c4901c47b0ef479bd01bcc 2009.0/i586/firefox-cy-3.0.13-0.1mdv2009.0.i586.rpm 9bc25a5210fe99d2ba4d4b85e9018213 2009.0/i586/firefox-da-3.0.13-0.1mdv2009.0.i586.rpm e6fc11edfe7b86f04455b3dc7e4bd65e 2009.0/i586/firefox-de-3.0.13-0.1mdv2009.0.i586.rpm 9afa4c1062e91163756ef5109ff51187 2009.0/i586/firefox-el-3.0.13-0.1mdv2009.0.i586.rpm f75831ec921046c0dca1e13e34780c83 2009.0/i586/firefox-en_GB-3.0.13-0.1mdv2009.0.i586.rpm c58608f0789bdef53d1e89395fedf49f 2009.0/i586/firefox-eo-3.0.13-0.1mdv2009.0.i586.rpm 214574c3c5d82fe477ba0f50f63fd9fa 2009.0/i586/firefox-es_AR-3.0.13-0.1mdv2009.0.i586.rpm 658464fc37af0c06fffa759d037baceb 2009.0/i586/firefox-es_ES-3.0.13-0.1mdv2009.0.i586.rpm c5e764ad2738116d30343c0b38a962fa 2009.0/i586/firefox-et-3.0.13-0.1mdv2009.0.i586.rpm 8fb89898a68072bf7265c69d43410493 2009.0/i586/firefox-eu-3.0.13-0.1mdv2009.0.i586.rpm 3f361372c29fe95009dbd1078db64f65 2009.0/i586/firefox-ext-beagle-0.3.8-13.14mdv2009.0.i586.rpm 91464a6f25b8ea8c0d48de5cb0416740 2009.0/i586/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.i586.rpm 9bc38cbec9d19bf568e6e9a89830a28f 2009.0/i586/firefox-fi-3.0.13-0.1mdv2009.0.i586.rpm 6dd78364bea9831ef0b3aa14f2d0118c 2009.0/i586/firefox-fr-3.0.13-0.1mdv2009.0.i586.rpm 180d5bfe08d234f02b1de34ca5654958 2009.0/i586/firefox-fy-3.0.13-0.1mdv2009.0.i586.rpm e4c18944adb12682655a90ee2faad97b 2009.0/i586/firefox-ga_IE-3.0.13-0.1mdv2009.0.i586.rpm 90b228a4010794165de329652ebbee25 2009.0/i586/firefox-gl-3.0.13-0.1mdv2009.0.i586.rpm f0586fdecb33249427065357a6e92d60 2009.0/i586/firefox-gu_IN-3.0.13-0.1mdv2009.0.i586.rpm 7bfc4a6196e2969a1cbae8d0f17f6ad1 2009.0/i586/firefox-he-3.0.13-0.1mdv2009.0.i586.rpm cca307fc57f277189b4d2bd8d7368abb 2009.0/i586/firefox-hi-3.0.13-0.1mdv2009.0.i586.rpm 052636e93f9576602a6d8876d19d8fc4 2009.0/i586/firefox-hu-3.0.13-0.1mdv2009.0.i586.rpm 899eeeca6c5305ce42fac890ae25acf4 2009.0/i586/firefox-id-3.0.13-0.1mdv2009.0.i586.rpm 876435ef3c302f94c8ce1cab6ec54e3e 2009.0/i586/firefox-is-3.0.13-0.1mdv2009.0.i586.rpm 9a663ac414779e841fa9e0b0de849e33 2009.0/i586/firefox-it-3.0.13-0.1mdv2009.0.i586.rpm 408453053f2dd0d238af016cb4e77237 2009.0/i586/firefox-ja-3.0.13-0.1mdv2009.0.i586.rpm cb0ab9447c1a5c439d1ede480c0f7835 2009.0/i586/firefox-ka-3.0.13-0.1mdv2009.0.i586.rpm 8fc83bc333676e38e3efd9b609fd674b 2009.0/i586/firefox-kn-3.0.13-0.1mdv2009.0.i586.rpm 612bb5fb598e61fb5802ff85708e6a5a 2009.0/i586/firefox-ko-3.0.13-0.1mdv2009.0.i586.rpm ac2312f1d74c268a72a4b4d3a4219ef1 2009.0/i586/firefox-ku-3.0.13-0.1mdv2009.0.i586.rpm 154dbc2ba6e46f5aa3ef99b66ec36a51 2009.0/i586/firefox-lt-3.0.13-0.1mdv2009.0.i586.rpm ecd25bc2d1e9cde62e0be85071c64529 2009.0/i586/firefox-lv-3.0.13-0.1mdv2009.0.i586.rpm 15f3d5c9a3a73a982c0c6351bb110271 2009.0/i586/firefox-mk-3.0.13-0.1mdv2009.0.i586.rpm 2b558113cd766e13056b99c48201f89b 2009.0/i586/firefox-mn-3.0.13-0.1mdv2009.0.i586.rpm 79f2fa3996f7b4f1779c6fa8f1a4543c 2009.0/i586/firefox-mr-3.0.13-0.1mdv2009.0.i586.rpm 8e73487dad85ffa6be02c17cc828beaa 2009.0/i586/firefox-nb_NO-3.0.13-0.1mdv2009.0.i586.rpm 366f85aa9ea20fcec1fef63b5a1f1df1 2009.0/i586/firefox-nl-3.0.13-0.1mdv2009.0.i586.rpm 43dca1cbb4ab3691cabf5cd74ffaf2b3 2009.0/i586/firefox-nn_NO-3.0.13-0.1mdv2009.0.i586.rpm 213f3e46bcfec9f7765569f4d004364a 2009.0/i586/firefox-oc-3.0.13-0.1mdv2009.0.i586.rpm d619b6e5f78f7f4bb0c60d19ceb7e876 2009.0/i586/firefox-pa_IN-3.0.13-0.1mdv2009.0.i586.rpm faf4b1e079c68e5697292fbdba30ebf1 2009.0/i586/firefox-pl-3.0.13-0.1mdv2009.0.i586.rpm 7d15b1990732f451bcfac1c1a7b77978 2009.0/i586/firefox-pt_BR-3.0.13-0.1mdv2009.0.i586.rpm c8b133b74d0eb2d3dec671a0c1f6bc86 2009.0/i586/firefox-pt_PT-3.0.13-0.1mdv2009.0.i586.rpm 4ece2c2e4e9fc0b25c8fb3287ec0b9af 2009.0/i586/firefox-ro-3.0.13-0.1mdv2009.0.i586.rpm f5ecba21ec0b359c057f378583b4279f 2009.0/i586/firefox-ru-3.0.13-0.1mdv2009.0.i586.rpm 4e64f4151cbcae1f498538d193cece9a 2009.0/i586/firefox-si-3.0.13-0.1mdv2009.0.i586.rpm 7989e3ec7fe2878ce4c334562aff9767 2009.0/i586/firefox-sk-3.0.13-0.1mdv2009.0.i586.rpm 7a117b88ad2206d9eda81ca884cbb385 2009.0/i586/firefox-sl-3.0.13-0.1mdv2009.0.i586.rpm 2d4d85a8e07af571c9c7e331de3be317 2009.0/i586/firefox-sq-3.0.13-0.1mdv2009.0.i586.rpm afc3cae145b8a5bce558aacbc0fdbfd1 2009.0/i586/firefox-sr-3.0.13-0.1mdv2009.0.i586.rpm a41f83c5f17482e24d113d7bee667984 2009.0/i586/firefox-sv_SE-3.0.13-0.1mdv2009.0.i586.rpm dc28d7e7746f1e95a25cb1e450c9619b 2009.0/i586/firefox-te-3.0.13-0.1mdv2009.0.i586.rpm f84f2d826d15843192a0f4b98e064547 2009.0/i586/firefox-th-3.0.13-0.1mdv2009.0.i586.rpm 1142168ff446e1a5f89be897815678b4 2009.0/i586/firefox-theme-kde4ff-0.14-4.9mdv2009.0.i586.rpm 0f8593cacdb0c3ee674c95ffcbc330fe 2009.0/i586/firefox-tr-3.0.13-0.1mdv2009.0.i586.rpm 69b5d73b3809140ab15c884cd75fc98f 2009.0/i586/firefox-uk-3.0.13-0.1mdv2009.0.i586.rpm e334049f5692cabfaedbe2c194b51202 2009.0/i586/firefox-zh_CN-3.0.13-0.1mdv2009.0.i586.rpm 2958cb63c8593fd8b8f1f68c8dde0905 2009.0/i586/firefox-zh_TW-3.0.13-0.1mdv2009.0.i586.rpm 7cda89f8cc627a59b61b976717be30d6 2009.0/i586/gnome-python-extras-2.19.1-20.9mdv2009.0.i586.rpm 576557a3a514f71933cb8a9c707ceb30 2009.0/i586/gnome-python-gda-2.19.1-20.9mdv2009.0.i586.rpm 976a8cff0d00126d7e4a807a8f879a54 2009.0/i586/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.i586.rpm 3d2424b8c8cab0668d691ebd947dd605 2009.0/i586/gnome-python-gdl-2.19.1-20.9mdv2009.0.i586.rpm 2e71485c4eca0038d61f4508926f7fa4 2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.i586.rpm 5c1f92354d07da9682210eeb87825eb5 2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.i586.rpm f04444a67896b048d7a84ed20357feed 2009.0/i586/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.i586.rpm 016f5cc2ec1a06598277a5b6be5efa2c 2009.0/i586/libdevhelp-1_0-0.21-3.9mdv2009.0.i586.rpm 1142e65abf94dac2b1b318bcea82bf5c 2009.0/i586/libdevhelp-1-devel-0.21-3.9mdv2009.0.i586.rpm 67d3d4ac04921885af224a9c70e87ae8 2009.0/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.0.i586.rpm af1331867d259d913a07f862a4079ee2 2009.0/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0bd0a103a85b8e8d4eaaac6dc5397867 2009.0/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0ec2c94351bc2f0c510721f09ea461b7 2009.0/i586/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.i586.rpm 37647fc015fa5559d6c77bb9e7321bfb 2009.0/i586/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.i586.rpm 2a89f46e141a1bc4218ce5f2dde00c1e 2009.0/i586/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.i586.rpm 914bcd8fb4c05239c2bdd162232a6ba3 2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.i586.rpm 88e16f7cb5be2fc9fa83902ecafa19a6 2009.0/i586/xulrunner-1.9.0.13-0.1mdv2009.0.i586.rpm 4356ef867793688f2fde896a9d542057 2009.0/i586/yelp-2.24.0-3.9mdv2009.0.i586.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: fd2a9ff60f4e68f4a481a5fe4a98c73a 2009.0/x86_64/beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 9b1d89b08f16e56768fd9542079f350d 2009.0/x86_64/beagle-crawl-system-0.3.8-13.14mdv2009.0.x86_64.rpm 6373aacafa1057af4684db790962e7ae 2009.0/x86_64/beagle-doc-0.3.8-13.14mdv2009.0.x86_64.rpm 4192fedb81ce69831e74fe6d3d93959f 2009.0/x86_64/beagle-epiphany-0.3.8-13.14mdv2009.0.x86_64.rpm 24e885319c5d9dfc9184d087dffc3f99 2009.0/x86_64/beagle-evolution-0.3.8-13.14mdv2009.0.x86_64.rpm 852adea7f93e3199a0f0c8843e7c55a8 2009.0/x86_64/beagle-gui-0.3.8-13.14mdv2009.0.x86_64.rpm fc485f7767ad85e2c026c404075d9229 2009.0/x86_64/beagle-gui-qt-0.3.8-13.14mdv2009.0.x86_64.rpm 07bb1b9c24c9f88ff8437d2c1b75878b 2009.0/x86_64/beagle-libs-0.3.8-13.14mdv2009.0.x86_64.rpm 092f8d36c077ff5d697d217156aca03a 2009.0/x86_64/devhelp-0.21-3.9mdv2009.0.x86_64.rpm a5101c919b946b770d14a049d788e8d9 2009.0/x86_64/devhelp-plugins-0.21-3.9mdv2009.0.x86_64.rpm 3d37811d58eabd343432f0bd79da93f9 2009.0/x86_64/epiphany-2.24.0.1-3.11mdv2009.0.x86_64.rpm 8bf41b3ccff1bbf6b517ddb43c65f3d4 2009.0/x86_64/epiphany-devel-2.24.0.1-3.11mdv2009.0.x86_64.rpm 90b2602358cda40b9b77ecf43d8a5813 2009.0/x86_64/firefox-3.0.13-0.1mdv2009.0.x86_64.rpm c802e7ce61f1c6db1861e1ad8625db58 2009.0/x86_64/firefox-af-3.0.13-0.1mdv2009.0.x86_64.rpm 26efc3eb99d920565bbecc31c5b29d2c 2009.0/x86_64/firefox-ar-3.0.13-0.1mdv2009.0.x86_64.rpm 5da83501fc42740dfca0a6b362e8e332 2009.0/x86_64/firefox-be-3.0.13-0.1mdv2009.0.x86_64.rpm 51267ac84ea3a0745f0229d4c379e591 2009.0/x86_64/firefox-bg-3.0.13-0.1mdv2009.0.x86_64.rpm 6ddce5aa96b508a7241526e00e78e393 2009.0/x86_64/firefox-bn-3.0.13-0.1mdv2009.0.x86_64.rpm 10c1b53854b08c634e853b8fc4fbbe74 2009.0/x86_64/firefox-ca-3.0.13-0.1mdv2009.0.x86_64.rpm 6f12ccc92981d70dbedeb8f99ac552e1 2009.0/x86_64/firefox-cs-3.0.13-0.1mdv2009.0.x86_64.rpm a0a79dd3c0984ee03834e06e44c6b632 2009.0/x86_64/firefox-cy-3.0.13-0.1mdv2009.0.x86_64.rpm 4fafa1c0616047cd355e9ce4621b964b 2009.0/x86_64/firefox-da-3.0.13-0.1mdv2009.0.x86_64.rpm 8b89533b107bcac1454e636d4bfdbb01 2009.0/x86_64/firefox-de-3.0.13-0.1mdv2009.0.x86_64.rpm 60ed34b007aef6983f7567df8e5aa360 2009.0/x86_64/firefox-el-3.0.13-0.1mdv2009.0.x86_64.rpm ae965aac1eaaecd6642a5926c221bcde 2009.0/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.0.x86_64.rpm 6df13fe269bc57cc42c94da2401def6d 2009.0/x86_64/firefox-eo-3.0.13-0.1mdv2009.0.x86_64.rpm 9d39eed36e33728f5a4d1cd629fcdc22 2009.0/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.0.x86_64.rpm f1f19bb222e2d5b2343535eab2beb94e 2009.0/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.0.x86_64.rpm 68eef6bc4021590584cb6fb1e137b1bd 2009.0/x86_64/firefox-et-3.0.13-0.1mdv2009.0.x86_64.rpm 54bc429f2eb350b2c94b4ecc776bfb8f 2009.0/x86_64/firefox-eu-3.0.13-0.1mdv2009.0.x86_64.rpm a4477742a5a74668cc72c9eda39ababa 2009.0/x86_64/firefox-ext-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 6fdda4fcd02eff82a5fedbc0e7db4a89 2009.0/x86_64/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.x86_64.rpm 9138b808592bcf06e9cd6f0a58676c24 2009.0/x86_64/firefox-fi-3.0.13-0.1mdv2009.0.x86_64.rpm e8f9c8ea5248d400af9be21771195b66 2009.0/x86_64/firefox-fr-3.0.13-0.1mdv2009.0.x86_64.rpm 226c770c9eb371a9cd66747b3cad6828 2009.0/x86_64/firefox-fy-3.0.13-0.1mdv2009.0.x86_64.rpm 2260fcea15a9cc49b347390cadc71599 2009.0/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.0.x86_64.rpm f7a0c391873545dbb25c810ba12fe164 2009.0/x86_64/firefox-gl-3.0.13-0.1mdv2009.0.x86_64.rpm 32f993a35c46dcf8e25e39929b1ced2a 2009.0/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 2e4a73d19ccfcb20092160a6d5941e97 2009.0/x86_64/firefox-he-3.0.13-0.1mdv2009.0.x86_64.rpm 160666a1e608cff7401b43eed7f90535 2009.0/x86_64/firefox-hi-3.0.13-0.1mdv2009.0.x86_64.rpm b70b2c5f7af2cc81174f91cd31a1493c 2009.0/x86_64/firefox-hu-3.0.13-0.1mdv2009.0.x86_64.rpm 74fca931bba785ac47b7aa181494cdbb 2009.0/x86_64/firefox-id-3.0.13-0.1mdv2009.0.x86_64.rpm 3fe8638b5170b72917e4e8ea1174e17b 2009.0/x86_64/firefox-is-3.0.13-0.1mdv2009.0.x86_64.rpm 3f139ac3e9c365c8f693aba837e2a042 2009.0/x86_64/firefox-it-3.0.13-0.1mdv2009.0.x86_64.rpm f7b678a1bfbefda814fa83306222cc41 2009.0/x86_64/firefox-ja-3.0.13-0.1mdv2009.0.x86_64.rpm 7e939898258c08a317a36e07273ea209 2009.0/x86_64/firefox-ka-3.0.13-0.1mdv2009.0.x86_64.rpm 8882bfae1b24b58ff494f82415681987 2009.0/x86_64/firefox-kn-3.0.13-0.1mdv2009.0.x86_64.rpm 44fa31c02c81eaa8ae61bdcfbae64367 2009.0/x86_64/firefox-ko-3.0.13-0.1mdv2009.0.x86_64.rpm 2e072ba6d9650eea364a31eda816f11d 2009.0/x86_64/firefox-ku-3.0.13-0.1mdv2009.0.x86_64.rpm 36430330e9038c09c8d43c4cb448371e 2009.0/x86_64/firefox-lt-3.0.13-0.1mdv2009.0.x86_64.rpm 3ab6cc70b68e10bfd62cdfa896099eba 2009.0/x86_64/firefox-lv-3.0.13-0.1mdv2009.0.x86_64.rpm 3ed08b83e37d5b6e504dff1f8f716225 2009.0/x86_64/firefox-mk-3.0.13-0.1mdv2009.0.x86_64.rpm 7c392f1ece949f2cb44f980bd01e7f05 2009.0/x86_64/firefox-mn-3.0.13-0.1mdv2009.0.x86_64.rpm de1dff9b9089b68d57a98ddd4980b0a2 2009.0/x86_64/firefox-mr-3.0.13-0.1mdv2009.0.x86_64.rpm 05944f1a699c48a0ed982ec3d3f393c4 2009.0/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.0.x86_64.rpm f0cdec74711099dea77e948d5e41049e 2009.0/x86_64/firefox-nl-3.0.13-0.1mdv2009.0.x86_64.rpm f4a14720d7a2aea5cfd72fc6730d2434 2009.0/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.0.x86_64.rpm 16d2232a8ea403853c98628d15f6cb56 2009.0/x86_64/firefox-oc-3.0.13-0.1mdv2009.0.x86_64.rpm 80887101785cce0cc2e6a27b20b41f60 2009.0/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 701e26b5086b1d7d7e48e9c331ea9089 2009.0/x86_64/firefox-pl-3.0.13-0.1mdv2009.0.x86_64.rpm 6488b668d9adf9838ed5f99008bd1b4a 2009.0/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.0.x86_64.rpm 6c84cd88d4a0cef254c31f976a800935 2009.0/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.0.x86_64.rpm 636373ef3a086dab553648f83d482279 2009.0/x86_64/firefox-ro-3.0.13-0.1mdv2009.0.x86_64.rpm d6c65eba5659c9d149fb74aecd0811e3 2009.0/x86_64/firefox-ru-3.0.13-0.1mdv2009.0.x86_64.rpm 59499f35ccbf4fbc6e30b4b543808591 2009.0/x86_64/firefox-si-3.0.13-0.1mdv2009.0.x86_64.rpm 4055dc544ead5676a9f2722cc7de0194 2009.0/x86_64/firefox-sk-3.0.13-0.1mdv2009.0.x86_64.rpm caeb6cab946ba48c1a20a78f037ef2a4 2009.0/x86_64/firefox-sl-3.0.13-0.1mdv2009.0.x86_64.rpm 0bd2025f89f1a9f0f3ad440301b97e8e 2009.0/x86_64/firefox-sq-3.0.13-0.1mdv2009.0.x86_64.rpm 8fb7c0a27aad0d260dc578d5bb1edc12 2009.0/x86_64/firefox-sr-3.0.13-0.1mdv2009.0.x86_64.rpm 86cee077f57a2d01f82a57f0551fdaa9 2009.0/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.0.x86_64.rpm 197fb3cce50e96251dd25343c702e672 2009.0/x86_64/firefox-te-3.0.13-0.1mdv2009.0.x86_64.rpm 55de6243da14129f9c1920d1c10899c4 2009.0/x86_64/firefox-th-3.0.13-0.1mdv2009.0.x86_64.rpm 56e8da997a82e1e372f90a3e98223cc4 2009.0/x86_64/firefox-theme-kde4ff-0.14-4.9mdv2009.0.x86_64.rpm 6de08168f2bb62e24f8ee8cbebcd1e06 2009.0/x86_64/firefox-tr-3.0.13-0.1mdv2009.0.x86_64.rpm d52c8d02969da364f8863b148e31172d 2009.0/x86_64/firefox-uk-3.0.13-0.1mdv2009.0.x86_64.rpm a69b955bd947ae79203e14f19947a4be 2009.0/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.0.x86_64.rpm bfa84035e496517b0c750f904896e021 2009.0/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.0.x86_64.rpm 5f4c007fe54fdd6e306c0bc6a32ce055 2009.0/x86_64/gnome-python-extras-2.19.1-20.9mdv2009.0.x86_64.rpm 17063d1f6fa264a64488e8085ffbfdfd 2009.0/x86_64/gnome-python-gda-2.19.1-20.9mdv2009.0.x86_64.rpm d83b5300a513aa8339ffa20663c8ac42 2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.x86_64.rpm 06d7f3eb117b4d9e4f84b910433325cf 2009.0/x86_64/gnome-python-gdl-2.19.1-20.9mdv2009.0.x86_64.rpm f5307d98cee90a569f425d64050d2dc6 2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.x86_64.rpm 233d7ba8094c84e9e9823c960a2fd180 2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.x86_64.rpm 897c01afbe582c23762a657f5b51f4f0 2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.x86_64.rpm 7f3c87d9e9252afb547d799d1d6d8842 2009.0/x86_64/lib64devhelp-1_0-0.21-3.9mdv2009.0.x86_64.rpm 93194f771048027535174c69313c2834 2009.0/x86_64/lib64devhelp-1-devel-0.21-3.9mdv2009.0.x86_64.rpm 364b6ddc466dc4ff461226e6294a9228 2009.0/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0d4a706595879f078eb4ec57e83274 2009.0/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm 914a5360230521851d79b1b4014d05b1 2009.0/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0c7d6fc7cd06f4b360e795ea73e224 2009.0/x86_64/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.x86_64.rpm 49fda0e4fd0db20a19575c267953b0d4 2009.0/x86_64/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.x86_64.rpm 21631df420534e57776cce23cbf26720 2009.0/x86_64/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.x86_64.rpm aacad587bb5852925be027737a9cbc12 2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm ba4ebf98a11a3eac22e137453568c5f9 2009.0/x86_64/xulrunner-1.9.0.13-0.1mdv2009.0.x86_64.rpm c3de98f2e448f2f5020c53309ebef62e 2009.0/x86_64/yelp-2.24.0-3.9mdv2009.0.x86_64.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.1: 02a6e5e75e1f3ecf36a4d11f6dbedba7 2009.1/i586/beagle-0.3.9-9.5mdv2009.1.i586.rpm 482b004f51c7e2ace71be356e0038dc3 2009.1/i586/beagle-crawl-system-0.3.9-9.5mdv2009.1.i586.rpm 35b6c72c66b62354c4242ed5a411ad9c 2009.1/i586/beagle-doc-0.3.9-9.5mdv2009.1.i586.rpm 631ab9fdde431913bef47f7a1cfe648e 2009.1/i586/beagle-epiphany-0.3.9-9.5mdv2009.1.i586.rpm 6b1fb3a5454af591f23b57bbf22b3d0b 2009.1/i586/beagle-evolution-0.3.9-9.5mdv2009.1.i586.rpm 9622cf03e2a45e23db38d67f9fd50053 2009.1/i586/beagle-gui-0.3.9-9.5mdv2009.1.i586.rpm 6e40cf9fc5b65d1248624800389535b0 2009.1/i586/beagle-gui-qt-0.3.9-9.5mdv2009.1.i586.rpm 3b0e739963ac3b55e8707187e11fc279 2009.1/i586/beagle-libs-0.3.9-9.5mdv2009.1.i586.rpm f38430b9d54a355d78c344a815042493 2009.1/i586/epiphany-2.26.1-1.4mdv2009.1.i586.rpm 7464a347d7a112cba33c0451fdf3e494 2009.1/i586/epiphany-devel-2.26.1-1.4mdv2009.1.i586.rpm 35398cd906de679cbe81e39fa62a7bb5 2009.1/i586/firefox-3.0.13-0.1mdv2009.1.i586.rpm 747db0c713e55cc0ca0ecc85559ba20d 2009.1/i586/firefox-af-3.0.13-0.1mdv2009.1.i586.rpm 32b6dcc4dfd6bfb4baa22e2dd1974f05 2009.1/i586/firefox-ar-3.0.13-0.1mdv2009.1.i586.rpm d5ea263e00042a7f289878bad42030c5 2009.1/i586/firefox-be-3.0.13-0.1mdv2009.1.i586.rpm be72d85579f54829a57629e9de32e924 2009.1/i586/firefox-bg-3.0.13-0.1mdv2009.1.i586.rpm e1a249ed0b61d60e54dedd32e0920c88 2009.1/i586/firefox-bn-3.0.13-0.1mdv2009.1.i586.rpm abec705eb193cf54923ce26343093626 2009.1/i586/firefox-ca-3.0.13-0.1mdv2009.1.i586.rpm 9a9981f06f6e2c07c852a840e2e0c4be 2009.1/i586/firefox-cs-3.0.13-0.1mdv2009.1.i586.rpm d0b38d56ab9d0bd7b83294c916d18c22 2009.1/i586/firefox-cy-3.0.13-0.1mdv2009.1.i586.rpm 20762481ab33b7d288100af5d0df4b52 2009.1/i586/firefox-da-3.0.13-0.1mdv2009.1.i586.rpm c678cfa4ab8d7b255b08050fd696f51a 2009.1/i586/firefox-de-3.0.13-0.1mdv2009.1.i586.rpm 55ddb08f5d11860b3d1850644f8391bc 2009.1/i586/firefox-el-3.0.13-0.1mdv2009.1.i586.rpm f0cdc76908594aa02e8ac4426087c49a 2009.1/i586/firefox-en_GB-3.0.13-0.1mdv2009.1.i586.rpm 6d401632ede0e00d1100574ef5c691df 2009.1/i586/firefox-eo-3.0.13-0.1mdv2009.1.i586.rpm 0229797614722f047aab42187348dc23 2009.1/i586/firefox-es_AR-3.0.13-0.1mdv2009.1.i586.rpm f8d8dace13d5a80c7de216ced6f3c704 2009.1/i586/firefox-es_ES-3.0.13-0.1mdv2009.1.i586.rpm 7b5db78f898a0be652771f2a6c279683 2009.1/i586/firefox-et-3.0.13-0.1mdv2009.1.i586.rpm 60c1aaefbd0034c8b43911b1baf5b640 2009.1/i586/firefox-eu-3.0.13-0.1mdv2009.1.i586.rpm b289fd7f57f7186ca12568bf76c61e65 2009.1/i586/firefox-ext-beagle-0.3.9-9.5mdv2009.1.i586.rpm edb6ee195416dadf35cb73f809a5ff16 2009.1/i586/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.i586.rpm 0630091ee85b88ea38b8c8a9acd155d0 2009.1/i586/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.i586.rpm ee77467d0ce879427f5b5653401e0ae7 2009.1/i586/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.i586.rpm d083b2e25d82ee4a28ee7bffa2fbcd6f 2009.1/i586/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.i586.rpm 6df500ba1935b1f75fc6bec70ec9954e 2009.1/i586/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.i586.rpm 5dea4c6d47a5dabb4e5d7ee8247ff5a8 2009.1/i586/firefox-fi-3.0.13-0.1mdv2009.1.i586.rpm 390c5d441455cc6e9c1bcbeda8e7dbca 2009.1/i586/firefox-fr-3.0.13-0.1mdv2009.1.i586.rpm 37f98a861ad4f0a22a85e2bce246c9dc 2009.1/i586/firefox-fy-3.0.13-0.1mdv2009.1.i586.rpm 6c095a6047feeca0daf6e08335aa09b2 2009.1/i586/firefox-ga_IE-3.0.13-0.1mdv2009.1.i586.rpm 73e498eba22675d906a7e0bcd98d8351 2009.1/i586/firefox-gl-3.0.13-0.1mdv2009.1.i586.rpm 5e7afc9a95d9a6aa8bc82eb4273c60ad 2009.1/i586/firefox-gu_IN-3.0.13-0.1mdv2009.1.i586.rpm 0f5f1b9052d09474e3ba239e93ecf6e3 2009.1/i586/firefox-he-3.0.13-0.1mdv2009.1.i586.rpm 43d603f48d2cb2056db51f496b1ec996 2009.1/i586/firefox-hi-3.0.13-0.1mdv2009.1.i586.rpm 5658131cf3843fbfd20259f34b3ba6c4 2009.1/i586/firefox-hu-3.0.13-0.1mdv2009.1.i586.rpm bda18918cf8e13fb5def716abfa954a5 2009.1/i586/firefox-id-3.0.13-0.1mdv2009.1.i586.rpm 1dcaedd447f98fea90da858018077827 2009.1/i586/firefox-is-3.0.13-0.1mdv2009.1.i586.rpm 2e4ff8ea149d58a8e643b1a1bbdd926c 2009.1/i586/firefox-it-3.0.13-0.1mdv2009.1.i586.rpm c19f3ca5d6017568651c8a121dea77f1 2009.1/i586/firefox-ja-3.0.13-0.1mdv2009.1.i586.rpm 38d9ab0a9c2ff15a8611314d22aeb431 2009.1/i586/firefox-ka-3.0.13-0.1mdv2009.1.i586.rpm eeea063ec6c259630ae7c6a101bf2bb0 2009.1/i586/firefox-kn-3.0.13-0.1mdv2009.1.i586.rpm 4af1e9aaecd7fe8f108a6e07e35af683 2009.1/i586/firefox-ko-3.0.13-0.1mdv2009.1.i586.rpm 97c7a6109534ed69ac2a95d46d98c83b 2009.1/i586/firefox-ku-3.0.13-0.1mdv2009.1.i586.rpm fa3c94d85013365ac1de09fba178725e 2009.1/i586/firefox-lt-3.0.13-0.1mdv2009.1.i586.rpm 89b99d16c7696215aa771ccb46b5140f 2009.1/i586/firefox-lv-3.0.13-0.1mdv2009.1.i586.rpm e68aca3813376b9d7ac91ed9e652c86a 2009.1/i586/firefox-mk-3.0.13-0.1mdv2009.1.i586.rpm 1189c9995b70c74ee8d025328926fe86 2009.1/i586/firefox-mn-3.0.13-0.1mdv2009.1.i586.rpm 25d5dc4d46f7519b4f7510b7563204a6 2009.1/i586/firefox-mr-3.0.13-0.1mdv2009.1.i586.rpm b948b123aeae7dd1ff6ceac9fb2fd4fe 2009.1/i586/firefox-nb_NO-3.0.13-0.1mdv2009.1.i586.rpm bd71f911c9c25dc049253388f0e38e27 2009.1/i586/firefox-nl-3.0.13-0.1mdv2009.1.i586.rpm 064243c7004e78e90dd3e95f9bbda10e 2009.1/i586/firefox-nn_NO-3.0.13-0.1mdv2009.1.i586.rpm db787a4f4019793289c643430362d20d 2009.1/i586/firefox-oc-3.0.13-0.1mdv2009.1.i586.rpm 982f104ab8655d4e4a58d2fc977abd0f 2009.1/i586/firefox-pa_IN-3.0.13-0.1mdv2009.1.i586.rpm 1910b94dd2e3b7f1959647608b2eea9f 2009.1/i586/firefox-pl-3.0.13-0.1mdv2009.1.i586.rpm ad497287a8eee4a53a9c73c93a93eb7f 2009.1/i586/firefox-pt_BR-3.0.13-0.1mdv2009.1.i586.rpm b0b38785c4509adeaf90ed00d7555307 2009.1/i586/firefox-pt_PT-3.0.13-0.1mdv2009.1.i586.rpm f48a4f020c694bb337738f073294d7b6 2009.1/i586/firefox-ro-3.0.13-0.1mdv2009.1.i586.rpm 925d46b4f5381b68da420d95707ea126 2009.1/i586/firefox-ru-3.0.13-0.1mdv2009.1.i586.rpm 9b146a4926086398e4d5ab11c699ea43 2009.1/i586/firefox-si-3.0.13-0.1mdv2009.1.i586.rpm ed0f2e95b6583fb3827b318b9a436a7f 2009.1/i586/firefox-sk-3.0.13-0.1mdv2009.1.i586.rpm 4b31198d77d385503ded07c92d5bfa28 2009.1/i586/firefox-sl-3.0.13-0.1mdv2009.1.i586.rpm a6c948af4cca0a6ed8add460614a2f15 2009.1/i586/firefox-sq-3.0.13-0.1mdv2009.1.i586.rpm 843076ec2061c31b5ca1e70b5c5e35bc 2009.1/i586/firefox-sr-3.0.13-0.1mdv2009.1.i586.rpm a27edd893e4de4da213d18ba020be791 2009.1/i586/firefox-sv_SE-3.0.13-0.1mdv2009.1.i586.rpm 4928710100f1cf2c7ef31cc2edf37a9f 2009.1/i586/firefox-te-3.0.13-0.1mdv2009.1.i586.rpm 69e8f023850274da2c755c97475bada0 2009.1/i586/firefox-th-3.0.13-0.1mdv2009.1.i586.rpm 508f99e1c11a9d563752ab846ef13ae6 2009.1/i586/firefox-theme-kde4ff-0.14-9.4mdv2009.1.i586.rpm 6a3c8c3572a54e84f875abd932d1f36a 2009.1/i586/firefox-tr-3.0.13-0.1mdv2009.1.i586.rpm bf9c26e5179d8ab5cab5dfbf3bcdf625 2009.1/i586/firefox-uk-3.0.13-0.1mdv2009.1.i586.rpm edc44052fc7c9f5e622d2c3ee936a15a 2009.1/i586/firefox-zh_CN-3.0.13-0.1mdv2009.1.i586.rpm f4e5ddc6ca4166fc7d9eac145daafa0f 2009.1/i586/firefox-zh_TW-3.0.13-0.1mdv2009.1.i586.rpm 2ec6ee6f4bc479a0df1aed09a14fabd6 2009.1/i586/gnome-python-extras-2.25.3-3.4mdv2009.1.i586.rpm de18a2772218441d111b34f22b167f13 2009.1/i586/gnome-python-gda-2.25.3-3.4mdv2009.1.i586.rpm 127a6a5e43d83d66d0ded5aa584c02c2 2009.1/i586/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.i586.rpm d48dd202de348a94e34a9ceddad39ea3 2009.1/i586/gnome-python-gdl-2.25.3-3.4mdv2009.1.i586.rpm d0385e185a8fdcfceb0b12e247f38a06 2009.1/i586/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.i586.rpm 40fabeba612597b0168c90526de831b3 2009.1/i586/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.i586.rpm aa828d3d1bdc98a39f9a42912c368c46 2009.1/i586/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.i586.rpm 24defa823e2663746ac1268ac84b6861 2009.1/i586/google-gadgets-common-0.10.5-8.4mdv2009.1.i586.rpm 242a77aebfbc468bfabb0adaff48de3b 2009.1/i586/google-gadgets-gtk-0.10.5-8.4mdv2009.1.i586.rpm fbd62d9e59ce22e981046e152864a145 2009.1/i586/google-gadgets-qt-0.10.5-8.4mdv2009.1.i586.rpm db4bbcef16b4cd0d6c5e2e6f6e3b21b2 2009.1/i586/google-gadgets-xul-0.10.5-8.4mdv2009.1.i586.rpm e01aca911fa6c0b6a65170b837d211b0 2009.1/i586/libggadget1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 453d4660196abc4ba630e8ef69ac155d 2009.1/i586/libggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 66fe485dc7244284b357002c6da72559 2009.1/i586/libggadget-qt1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 413423499013ae96ad1c291397227090 2009.1/i586/libgoogle-gadgets-devel-0.10.5-8.4mdv2009.1.i586.rpm 6082879c5af962a8474b1073f21eac37 2009.1/i586/libopensc2-0.11.7-1.5mdv2009.1.i586.rpm 3745d1c725f41358d618fb97220aafe9 2009.1/i586/libopensc-devel-0.11.7-1.5mdv2009.1.i586.rpm 9de279ba145068aa78851fd2ebd10f93 2009.1/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.1.i586.rpm 6a43e8778a0bec902b98a36ff62940f9 2009.1/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 8388761cf3518803db13cbf028521ce1 2009.1/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 24243e8c675f466359226df4c589c903 2009.1/i586/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.i586.rpm eb3ae0e067ab54672cf2e8892ebefcbf 2009.1/i586/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.i586.rpm 3a91f9218bc8888973d17767555d8aa8 2009.1/i586/opensc-0.11.7-1.5mdv2009.1.i586.rpm 4d47048da6df8491bf219ec1dc2341fb 2009.1/i586/python-xpcom-1.9.0.13-0.1mdv2009.1.i586.rpm fd9a9580bbcf6d01f1fb4eb7ded635d0 2009.1/i586/xulrunner-1.9.0.13-0.1mdv2009.1.i586.rpm 19e0b9f555a7fd853e3e918343f2755d 2009.1/i586/yelp-2.26.0-3.3mdv2009.1.i586.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: c36d9f1acf48047279e896bb634d234b 2009.1/x86_64/beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 5c95ae3cbbcf85f090fb9d0c1938d9ed 2009.1/x86_64/beagle-crawl-system-0.3.9-9.5mdv2009.1.x86_64.rpm 1840f428bb5e0dd7838d296efcb71e77 2009.1/x86_64/beagle-doc-0.3.9-9.5mdv2009.1.x86_64.rpm 4c721f370cea219bbe25aa38598c4e69 2009.1/x86_64/beagle-epiphany-0.3.9-9.5mdv2009.1.x86_64.rpm 9599ffa8713db93a3033b679587f3226 2009.1/x86_64/beagle-evolution-0.3.9-9.5mdv2009.1.x86_64.rpm 7482b55f0cad37b471a1cef5bd23c0e3 2009.1/x86_64/beagle-gui-0.3.9-9.5mdv2009.1.x86_64.rpm d050dd673c46bae92e5fec2f1bca03db 2009.1/x86_64/beagle-gui-qt-0.3.9-9.5mdv2009.1.x86_64.rpm bfd296ac1df14f1117709f22255af179 2009.1/x86_64/beagle-libs-0.3.9-9.5mdv2009.1.x86_64.rpm d98c5888135b45e638be7f2023014e1b 2009.1/x86_64/epiphany-2.26.1-1.4mdv2009.1.x86_64.rpm 1133129e7e311d8f17cf5e6a398f2361 2009.1/x86_64/epiphany-devel-2.26.1-1.4mdv2009.1.x86_64.rpm 47ebfc1eaecfb21fb64b76f5cff01bba 2009.1/x86_64/firefox-3.0.13-0.1mdv2009.1.x86_64.rpm 47450b56105eb661b4d5e764b92c4848 2009.1/x86_64/firefox-af-3.0.13-0.1mdv2009.1.x86_64.rpm acc8619b4a5ff7e07ca9e776671ab2df 2009.1/x86_64/firefox-ar-3.0.13-0.1mdv2009.1.x86_64.rpm 5aebde9a362c79ede6fb6d0e1290f61e 2009.1/x86_64/firefox-be-3.0.13-0.1mdv2009.1.x86_64.rpm d9f1967bf000028b89893b6aef966b89 2009.1/x86_64/firefox-bg-3.0.13-0.1mdv2009.1.x86_64.rpm ac21174d256d9d047ba8f76881543bb2 2009.1/x86_64/firefox-bn-3.0.13-0.1mdv2009.1.x86_64.rpm 18b756689eade8271ee8dc7899230a16 2009.1/x86_64/firefox-ca-3.0.13-0.1mdv2009.1.x86_64.rpm 0f57aaff5ccde5dfa661a90813d547db 2009.1/x86_64/firefox-cs-3.0.13-0.1mdv2009.1.x86_64.rpm 2252fa9007f0fc6a94d7a9438872afd3 2009.1/x86_64/firefox-cy-3.0.13-0.1mdv2009.1.x86_64.rpm 44f20e0a30f4cf16236838f9aa1f88d0 2009.1/x86_64/firefox-da-3.0.13-0.1mdv2009.1.x86_64.rpm 59c66733cf61d58d73fb9b5f41b57920 2009.1/x86_64/firefox-de-3.0.13-0.1mdv2009.1.x86_64.rpm 04100565176011d7150d3c087bb215df 2009.1/x86_64/firefox-el-3.0.13-0.1mdv2009.1.x86_64.rpm 5367a69056711c90e873e28472f0b19a 2009.1/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.1.x86_64.rpm 1230d78f22b979b5e7fee7cf4b18fce7 2009.1/x86_64/firefox-eo-3.0.13-0.1mdv2009.1.x86_64.rpm a8db004ce04338e0c8716d1a01ddcbbd 2009.1/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.1.x86_64.rpm ca48f0d5c7707c5ca05b11814d0bbaa0 2009.1/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.1.x86_64.rpm 942cf5ccd3d19a908f4d7da8371687c0 2009.1/x86_64/firefox-et-3.0.13-0.1mdv2009.1.x86_64.rpm 9cd2adde1f16c9c22a9ba8067da07833 2009.1/x86_64/firefox-eu-3.0.13-0.1mdv2009.1.x86_64.rpm 108d71c9ddaffbe3377c8110fd01455a 2009.1/x86_64/firefox-ext-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 940d1c80f9b8067634b2db20a6b4b442 2009.1/x86_64/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.x86_64.rpm ea3df4f56d5f7f04ed9bbd152b4b64e5 2009.1/x86_64/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.x86_64.rpm 2632aec22bb53583910e897e2a1cacb6 2009.1/x86_64/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.x86_64.rpm 30a0d66124cd861aa9bad4d4667e2b0a 2009.1/x86_64/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.x86_64.rpm d5e04c94a1c8c01b8524e88d1259426d 2009.1/x86_64/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.x86_64.rpm ecfc78bb13ab5ba6cefe133f3af7b241 2009.1/x86_64/firefox-fi-3.0.13-0.1mdv2009.1.x86_64.rpm 744885d5ef6ddffc01cfd649aa78446c 2009.1/x86_64/firefox-fr-3.0.13-0.1mdv2009.1.x86_64.rpm f86420b3088e2f9e831a8f2942c80e20 2009.1/x86_64/firefox-fy-3.0.13-0.1mdv2009.1.x86_64.rpm f1e47c1c525deae51ca515bc54b191d9 2009.1/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.1.x86_64.rpm 1c9a4cf0086a2a73273dc2527146996b 2009.1/x86_64/firefox-gl-3.0.13-0.1mdv2009.1.x86_64.rpm 02181f2c28803c2f16f1a3e3b7fb02d8 2009.1/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 0d1f95ef27e7e0e4c91de3edf3fca42b 2009.1/x86_64/firefox-he-3.0.13-0.1mdv2009.1.x86_64.rpm cd404a74b0208aa6ed34aa267655909b 2009.1/x86_64/firefox-hi-3.0.13-0.1mdv2009.1.x86_64.rpm a2b6ae88c22fa0c6120fb08181880318 2009.1/x86_64/firefox-hu-3.0.13-0.1mdv2009.1.x86_64.rpm aa85d9b9afa4feddc6af9811caa5fe50 2009.1/x86_64/firefox-id-3.0.13-0.1mdv2009.1.x86_64.rpm e4bcf07136d1d4446dd61696fc639ef6 2009.1/x86_64/firefox-is-3.0.13-0.1mdv2009.1.x86_64.rpm b13bc89dcc3301215f990fafcb90bc32 2009.1/x86_64/firefox-it-3.0.13-0.1mdv2009.1.x86_64.rpm 4f22348d1ea02fb96c2f1cc8ee36e80e 2009.1/x86_64/firefox-ja-3.0.13-0.1mdv2009.1.x86_64.rpm 8a96165ab90b3055d625c95a3ccdc68e 2009.1/x86_64/firefox-ka-3.0.13-0.1mdv2009.1.x86_64.rpm 628bcfa94c5c11aa37a118ef6a3350cc 2009.1/x86_64/firefox-kn-3.0.13-0.1mdv2009.1.x86_64.rpm 7ade9a53e95fd05ce83a284168ce2170 2009.1/x86_64/firefox-ko-3.0.13-0.1mdv2009.1.x86_64.rpm bdfc5c720a9bbb1cb9578359d979465b 2009.1/x86_64/firefox-ku-3.0.13-0.1mdv2009.1.x86_64.rpm bd64b864d9c981c33fcd81c41c91cf7d 2009.1/x86_64/firefox-lt-3.0.13-0.1mdv2009.1.x86_64.rpm f9660b30a3eb579bbd89be4dc71a76a6 2009.1/x86_64/firefox-lv-3.0.13-0.1mdv2009.1.x86_64.rpm 709c8e7f32d9d49f600e5f05c1f87d1a 2009.1/x86_64/firefox-mk-3.0.13-0.1mdv2009.1.x86_64.rpm 0c7a1a138e579900d145b87917f6b2a2 2009.1/x86_64/firefox-mn-3.0.13-0.1mdv2009.1.x86_64.rpm b677a6c74468be431570a44903ee8fa4 2009.1/x86_64/firefox-mr-3.0.13-0.1mdv2009.1.x86_64.rpm daaa3e466eab6167abea639cae3ebce6 2009.1/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 1d964b69189c384f5a3c0960ee18b41e 2009.1/x86_64/firefox-nl-3.0.13-0.1mdv2009.1.x86_64.rpm d8fa342c4dfb6a2722ec9effcdcf3aa9 2009.1/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 4d90ce7edd695f4499767ef71b129299 2009.1/x86_64/firefox-oc-3.0.13-0.1mdv2009.1.x86_64.rpm 0b9c151cd2c230af2bed817e1b644cab 2009.1/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 19a26cf9c2a70c76e05cf8fee3470ba5 2009.1/x86_64/firefox-pl-3.0.13-0.1mdv2009.1.x86_64.rpm fe317964bd37486cd999dd3cfb04c520 2009.1/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.1.x86_64.rpm e2c5c97577af742a1416831bc43cb8f7 2009.1/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.1.x86_64.rpm f1f461aec3657b71b9ed4a5b4692b930 2009.1/x86_64/firefox-ro-3.0.13-0.1mdv2009.1.x86_64.rpm 09ecf09a2b59d569ecaaeed9a3146dee 2009.1/x86_64/firefox-ru-3.0.13-0.1mdv2009.1.x86_64.rpm bc2d376efedecbc89074ae581aa87275 2009.1/x86_64/firefox-si-3.0.13-0.1mdv2009.1.x86_64.rpm cec08f9dacf531d7dda18315216db705 2009.1/x86_64/firefox-sk-3.0.13-0.1mdv2009.1.x86_64.rpm 00c555b74e28addb4c5dc3edcfdee68e 2009.1/x86_64/firefox-sl-3.0.13-0.1mdv2009.1.x86_64.rpm 452f32a5e4dc4b3bd170b0fd1f2da034 2009.1/x86_64/firefox-sq-3.0.13-0.1mdv2009.1.x86_64.rpm ff77e5234ba14c18c8cf97b0ce864300 2009.1/x86_64/firefox-sr-3.0.13-0.1mdv2009.1.x86_64.rpm 17ba1ede71f4bb9b12b54a0325207abf 2009.1/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.1.x86_64.rpm 7ce4fc40ac9f173d156f94fce6e334a4 2009.1/x86_64/firefox-te-3.0.13-0.1mdv2009.1.x86_64.rpm 64495f1b732da002632b16c402c6b289 2009.1/x86_64/firefox-th-3.0.13-0.1mdv2009.1.x86_64.rpm db3a4f8fc0c4b7eab23fa30d92b6b626 2009.1/x86_64/firefox-theme-kde4ff-0.14-9.4mdv2009.1.x86_64.rpm dc2098a10b0fb76849d3127ec5be3fdf 2009.1/x86_64/firefox-tr-3.0.13-0.1mdv2009.1.x86_64.rpm 8060c3319d3ddc294dd23ad96b0dddce 2009.1/x86_64/firefox-uk-3.0.13-0.1mdv2009.1.x86_64.rpm 093a18263fd0b5e8a249ba3ae309d033 2009.1/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.1.x86_64.rpm 98141646609afd7b4e0d775c6a43c2d6 2009.1/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.1.x86_64.rpm a1310aa2ad1069c9b334e924856c4aba 2009.1/x86_64/gnome-python-extras-2.25.3-3.4mdv2009.1.x86_64.rpm eaf634e01b450fef9569c5c960b2c95f 2009.1/x86_64/gnome-python-gda-2.25.3-3.4mdv2009.1.x86_64.rpm 2ec8ab29ff1f49582d4f56b8c92440f0 2009.1/x86_64/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.x86_64.rpm acec5c9b14df2b10f9df47df0803c6e8 2009.1/x86_64/gnome-python-gdl-2.25.3-3.4mdv2009.1.x86_64.rpm 68bbcfe7d270dd49b7e550be197c775b 2009.1/x86_64/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.x86_64.rpm b9cd18d7efd34c9775be4b742a7e37a2 2009.1/x86_64/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.x86_64.rpm 72d4f8e53f8a4cf8ed418e387ab320dd 2009.1/x86_64/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.x86_64.rpm 30d58bb6680778587ee80dcfaa935c20 2009.1/x86_64/google-gadgets-common-0.10.5-8.4mdv2009.1.x86_64.rpm 2185d6144593d136ce92db2435cce190 2009.1/x86_64/google-gadgets-gtk-0.10.5-8.4mdv2009.1.x86_64.rpm 8cbbc63875d035a089fc83e6139fa745 2009.1/x86_64/google-gadgets-qt-0.10.5-8.4mdv2009.1.x86_64.rpm 350d36d5c4dcec349eea1c4babb82075 2009.1/x86_64/google-gadgets-xul-0.10.5-8.4mdv2009.1.x86_64.rpm b154ed291a0d28708d0122953bf6f7c3 2009.1/x86_64/lib64ggadget1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 62883fed1843c556659b681ccaedbaf7 2009.1/x86_64/lib64ggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm c04399358f39bea011b70516b53c77f3 2009.1/x86_64/lib64ggadget-qt1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 681cf0d9f283b53c2d9d2063695d3863 2009.1/x86_64/lib64google-gadgets-devel-0.10.5-8.4mdv2009.1.x86_64.rpm 014d1c2c8f128d9bff62c0dc1950fa6e 2009.1/x86_64/lib64opensc2-0.11.7-1.5mdv2009.1.x86_64.rpm 5833b0c82ae72fa9dd86fae661496fdc 2009.1/x86_64/lib64opensc-devel-0.11.7-1.5mdv2009.1.x86_64.rpm 5860961f66479a8a3d53d25b2f60e92c 2009.1/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.1.x86_64.rpm e1e06188cc7a6784d9a2542c21389e44 2009.1/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm c245b2dfa3c671353719224d8ca4529f 2009.1/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm 06c9d38b4830a69f5396d3bb75132e46 2009.1/x86_64/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.x86_64.rpm 35b409ded01fb0eb7d025351b9d2bf32 2009.1/x86_64/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm ce9a6dd2cb27352e5567f0b07706ec0d 2009.1/x86_64/opensc-0.11.7-1.5mdv2009.1.x86_64.rpm c0a59d0e57cf7d0446b89a7f60053b62 2009.1/x86_64/python-xpcom-1.9.0.13-0.1mdv2009.1.x86_64.rpm e2a2058629df60177dd44c31f01a7610 2009.1/x86_64/xulrunner-1.9.0.13-0.1mdv2009.1.x86_64.rpm 90bc8f01bbb02ea3684fae73d0724cee 2009.1/x86_64/yelp-2.26.0-3.3mdv2009.1.x86_64.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Enterprise Server 5: 68ce74618320a30cfdfe2d4063d5418e mes5/i586/firefox-3.0.13-0.1mdvmes5.i586.rpm 6d43b355dba55dd1af55e9cc713f0605 mes5/i586/firefox-af-3.0.13-0.1mdvmes5.i586.rpm 7d1f2c0b1f9151e2075c0c36d907fa00 mes5/i586/firefox-ar-3.0.13-0.1mdvmes5.i586.rpm 3988712bafbab7d137996404484cde30 mes5/i586/firefox-be-3.0.13-0.1mdvmes5.i586.rpm 593ee45262bec9390b221c02d8ee8864 mes5/i586/firefox-bg-3.0.13-0.1mdvmes5.i586.rpm 3567bb9057794aaf470d5d766a75bae0 mes5/i586/firefox-bn-3.0.13-0.1mdvmes5.i586.rpm 4f694f127521b4cddc19f0f50a3be63d mes5/i586/firefox-ca-3.0.13-0.1mdvmes5.i586.rpm cd04a5a66a2670f908fcb511d9a9821c mes5/i586/firefox-cs-3.0.13-0.1mdvmes5.i586.rpm 44eb4f6361c6645057f941e6e1ca43b4 mes5/i586/firefox-cy-3.0.13-0.1mdvmes5.i586.rpm f748608e0c7e1b5b382889af5a540012 mes5/i586/firefox-da-3.0.13-0.1mdvmes5.i586.rpm c1afbf2462632580e10beedf00ef4e23 mes5/i586/firefox-de-3.0.13-0.1mdvmes5.i586.rpm f55d0c036d9c84a9324ee618946810c0 mes5/i586/firefox-el-3.0.13-0.1mdvmes5.i586.rpm f51244caf9b6b71e6fc3c23cae421abf mes5/i586/firefox-en_GB-3.0.13-0.1mdvmes5.i586.rpm 2a4eccef20f00eceacce64a64327e5c6 mes5/i586/firefox-eo-3.0.13-0.1mdvmes5.i586.rpm 76e3121e28b5b223aaeb314a1bb30d03 mes5/i586/firefox-es_AR-3.0.13-0.1mdvmes5.i586.rpm f6f773cb3c0dfdea56f7cb1d1b02690d mes5/i586/firefox-es_ES-3.0.13-0.1mdvmes5.i586.rpm b41e4d171aba9ee620fe9987fee705f3 mes5/i586/firefox-et-3.0.13-0.1mdvmes5.i586.rpm f608df3e51d71887c42ee383a4a42de6 mes5/i586/firefox-eu-3.0.13-0.1mdvmes5.i586.rpm b246f92f226918d0bdb94cea1eb36040 mes5/i586/firefox-fi-3.0.13-0.1mdvmes5.i586.rpm 0731bc1f06c6d11892dfd0d6390fe2c8 mes5/i586/firefox-fr-3.0.13-0.1mdvmes5.i586.rpm aa6c29bb715d24c7408f9b87cdbb6a8c mes5/i586/firefox-fy-3.0.13-0.1mdvmes5.i586.rpm 748f49cefa5cbad391825aca290d3c66 mes5/i586/firefox-ga_IE-3.0.13-0.1mdvmes5.i586.rpm 372e5844c83e30bd4f7166c43963cc07 mes5/i586/firefox-gl-3.0.13-0.1mdvmes5.i586.rpm a5dd5f6079e40de2c1f802e249d5e591 mes5/i586/firefox-gu_IN-3.0.13-0.1mdvmes5.i586.rpm a35f66c748bc656e3e372eda1b167030 mes5/i586/firefox-he-3.0.13-0.1mdvmes5.i586.rpm 448a23e0530358423527c5b802c6c8ae mes5/i586/firefox-hi-3.0.13-0.1mdvmes5.i586.rpm d387c02975f83f8dfe12eb4c52b0a331 mes5/i586/firefox-hu-3.0.13-0.1mdvmes5.i586.rpm 1cd59afe967658f2b423539334c3ce61 mes5/i586/firefox-id-3.0.13-0.1mdvmes5.i586.rpm 444267bd6f7274c59dd179f59e618753 mes5/i586/firefox-is-3.0.13-0.1mdvmes5.i586.rpm e5879fdc064e5e35eb89514ed3188eb7 mes5/i586/firefox-it-3.0.13-0.1mdvmes5.i586.rpm 022dfc09d80f3faf5557449828e1b15f mes5/i586/firefox-ja-3.0.13-0.1mdvmes5.i586.rpm 49f516c1985e8e177025ab0682bfc2ef mes5/i586/firefox-ka-3.0.13-0.1mdvmes5.i586.rpm c98f30efb698ee50e0754338feced95e mes5/i586/firefox-kn-3.0.13-0.1mdvmes5.i586.rpm 3a3f75d10a4a6149eefa8835e32a548c mes5/i586/firefox-ko-3.0.13-0.1mdvmes5.i586.rpm 53f1afe28e0cdf504819ca0d58bc1b76 mes5/i586/firefox-ku-3.0.13-0.1mdvmes5.i586.rpm b15b9c778a7476304cd9659a3435529e mes5/i586/firefox-lt-3.0.13-0.1mdvmes5.i586.rpm c2a743444a51e06b3aa079c7edc01564 mes5/i586/firefox-lv-3.0.13-0.1mdvmes5.i586.rpm 75bf88f7f10a7a5b893bc3e71da9ca40 mes5/i586/firefox-mk-3.0.13-0.1mdvmes5.i586.rpm b746223c11dde362ae707dc984a7d5b0 mes5/i586/firefox-mn-3.0.13-0.1mdvmes5.i586.rpm 71fb9f66d6eb6bf426c4bdddaa039aa7 mes5/i586/firefox-mr-3.0.13-0.1mdvmes5.i586.rpm dd91665a870035058d8cac9f68b9d0c1 mes5/i586/firefox-nb_NO-3.0.13-0.1mdvmes5.i586.rpm 5ae1128299337783f6f3f29a28cf92a3 mes5/i586/firefox-nl-3.0.13-0.1mdvmes5.i586.rpm 74c75652327d9b02ca55cae7e45552b9 mes5/i586/firefox-nn_NO-3.0.13-0.1mdvmes5.i586.rpm 91abc0e9b5150d18fde15c3dbfda86f4 mes5/i586/firefox-oc-3.0.13-0.1mdvmes5.i586.rpm 1537934527c0ea2bfba002c439406ae8 mes5/i586/firefox-pa_IN-3.0.13-0.1mdvmes5.i586.rpm 2d869ba32910994884254f480b03024f mes5/i586/firefox-pl-3.0.13-0.1mdvmes5.i586.rpm 1ba3ede9924e9dc6a6638392d91f99cc mes5/i586/firefox-pt_BR-3.0.13-0.1mdvmes5.i586.rpm 26afeb86b4504a69f94b94e682f10673 mes5/i586/firefox-pt_PT-3.0.13-0.1mdvmes5.i586.rpm 62d639de32fef65aef8570c51276cb94 mes5/i586/firefox-ro-3.0.13-0.1mdvmes5.i586.rpm 0d3b10dc73e079018344d44832438ea8 mes5/i586/firefox-ru-3.0.13-0.1mdvmes5.i586.rpm 32a5aaeaf848da9aa7faba6f9d9f0289 mes5/i586/firefox-si-3.0.13-0.1mdvmes5.i586.rpm ce70f29874f44b4117a33d57800df5aa mes5/i586/firefox-sk-3.0.13-0.1mdvmes5.i586.rpm e81efac5f94ee35764a11df872d0290c mes5/i586/firefox-sl-3.0.13-0.1mdvmes5.i586.rpm 969c7c1522c5373afb1eecf406d6c260 mes5/i586/firefox-sq-3.0.13-0.1mdvmes5.i586.rpm 4ed22d07ae67fc6485485af042cd8343 mes5/i586/firefox-sr-3.0.13-0.1mdvmes5.i586.rpm c6d4137d25e4fa72095344462a65bdd7 mes5/i586/firefox-sv_SE-3.0.13-0.1mdvmes5.i586.rpm 2341ba79e4cb97d9d60468dbf830d2fb mes5/i586/firefox-te-3.0.13-0.1mdvmes5.i586.rpm f34c9a0a4688eac1cc5751c6cc5cac0d mes5/i586/firefox-th-3.0.13-0.1mdvmes5.i586.rpm 65d9f18cb1102f84c24ae0582cd4fa52 mes5/i586/firefox-tr-3.0.13-0.1mdvmes5.i586.rpm 82d53b480119bd4a7f99c5f15c03021a mes5/i586/firefox-uk-3.0.13-0.1mdvmes5.i586.rpm 942142b433ac41efcfac98a6284b6df1 mes5/i586/firefox-zh_CN-3.0.13-0.1mdvmes5.i586.rpm c13f0e4ff2b0454c0f039fb4d9e1b906 mes5/i586/firefox-zh_TW-3.0.13-0.1mdvmes5.i586.rpm 28a317a81524e49dae66c679e071c7dc mes5/i586/libxulrunner1.9-1.9.0.13-0.1mdvmes5.i586.rpm f2fee170073833e92e05a1773fd7f79a mes5/i586/libxulrunner-devel-1.9.0.13-0.1mdvmes5.i586.rpm ee14bbfaa18e70c6e84ef4ef052f5518 mes5/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.i586.rpm f2cefcf568fb77cd7e9e57dad40643dc mes5/i586/xulrunner-1.9.0.13-0.1mdvmes5.i586.rpm af4d5ee43a7579e733e45b133525e7fe mes5/i586/yelp-2.24.0-3.9mdvmes5.i586.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: e03c3478bf344987f76907e81c291569 mes5/x86_64/firefox-3.0.13-0.1mdvmes5.x86_64.rpm 989de385bb476f7522882541aab3e05f mes5/x86_64/firefox-af-3.0.13-0.1mdvmes5.x86_64.rpm 7b84837d2401a0c7cff4f7481d69578e mes5/x86_64/firefox-ar-3.0.13-0.1mdvmes5.x86_64.rpm 51d077dc8a98838525f9c8614caf7811 mes5/x86_64/firefox-be-3.0.13-0.1mdvmes5.x86_64.rpm 6286b0236105ae18397c4a91d33e439b mes5/x86_64/firefox-bg-3.0.13-0.1mdvmes5.x86_64.rpm 2de1a7bcc7261876eff13fae68b08189 mes5/x86_64/firefox-bn-3.0.13-0.1mdvmes5.x86_64.rpm 1e44ba305a7e68d52647450f8777e213 mes5/x86_64/firefox-ca-3.0.13-0.1mdvmes5.x86_64.rpm ea295a97b2fa4b68bb093627a86d64c9 mes5/x86_64/firefox-cs-3.0.13-0.1mdvmes5.x86_64.rpm 137181dc58e872687e07c05961b3e844 mes5/x86_64/firefox-cy-3.0.13-0.1mdvmes5.x86_64.rpm 0e566afa6fc6039453a07774cb2a8afd mes5/x86_64/firefox-da-3.0.13-0.1mdvmes5.x86_64.rpm 9e0adea3596af1f8f95dcfac4a882aed mes5/x86_64/firefox-de-3.0.13-0.1mdvmes5.x86_64.rpm 007ec7d357e3f92cfc2def7390c5de69 mes5/x86_64/firefox-el-3.0.13-0.1mdvmes5.x86_64.rpm b3cb3fec4847f3950df7c8eb63a30654 mes5/x86_64/firefox-en_GB-3.0.13-0.1mdvmes5.x86_64.rpm dcb54c4aaec8489e2e768ecbda74391d mes5/x86_64/firefox-eo-3.0.13-0.1mdvmes5.x86_64.rpm 35985b7b0d0dee31e04608a0290e9ef6 mes5/x86_64/firefox-es_AR-3.0.13-0.1mdvmes5.x86_64.rpm 6154a855d02f202ce2abec4f24857189 mes5/x86_64/firefox-es_ES-3.0.13-0.1mdvmes5.x86_64.rpm f11f06980dc4911bcecc05daecae10c3 mes5/x86_64/firefox-et-3.0.13-0.1mdvmes5.x86_64.rpm 763ce8174c14f409dddfbd1fdb8aa33a mes5/x86_64/firefox-eu-3.0.13-0.1mdvmes5.x86_64.rpm 8e06f6d02f31cd75a5f0adc2c07b5b79 mes5/x86_64/firefox-fi-3.0.13-0.1mdvmes5.x86_64.rpm 91a7e39c750b5f13621a6e28026a9a29 mes5/x86_64/firefox-fr-3.0.13-0.1mdvmes5.x86_64.rpm a42546e8023cc76b9fa20197b4c8d879 mes5/x86_64/firefox-fy-3.0.13-0.1mdvmes5.x86_64.rpm a5c71261c0569a7ac356cd524bcc8e2b mes5/x86_64/firefox-ga_IE-3.0.13-0.1mdvmes5.x86_64.rpm 9c7bdef8c25b9f8bde7fc23330d9ee56 mes5/x86_64/firefox-gl-3.0.13-0.1mdvmes5.x86_64.rpm 57fc2626a71cd7c30b29bf6f657d8b01 mes5/x86_64/firefox-gu_IN-3.0.13-0.1mdvmes5.x86_64.rpm fdcfc85e77649e447205447fe50c5dfd mes5/x86_64/firefox-he-3.0.13-0.1mdvmes5.x86_64.rpm 8362b8bb5dbdcbfb59c4611329d093cd mes5/x86_64/firefox-hi-3.0.13-0.1mdvmes5.x86_64.rpm dcf7d31040980c688857daae110b0f19 mes5/x86_64/firefox-hu-3.0.13-0.1mdvmes5.x86_64.rpm 0d2b895382a88cb60a1bd85f4998ed6a mes5/x86_64/firefox-id-3.0.13-0.1mdvmes5.x86_64.rpm c76cf1e3e063204dbd7b43cbb2057cba mes5/x86_64/firefox-is-3.0.13-0.1mdvmes5.x86_64.rpm 3bb2be5f72710786bb187716cb6574c1 mes5/x86_64/firefox-it-3.0.13-0.1mdvmes5.x86_64.rpm 70c2a50d16cccd9c3cf9fd8d94239594 mes5/x86_64/firefox-ja-3.0.13-0.1mdvmes5.x86_64.rpm bba8deee10fda2787de3ab64fa4d9a7f mes5/x86_64/firefox-ka-3.0.13-0.1mdvmes5.x86_64.rpm 68b364b3b98f289c7a23f53e221d47e8 mes5/x86_64/firefox-kn-3.0.13-0.1mdvmes5.x86_64.rpm a4f1ae70d33196720fdd44e596603655 mes5/x86_64/firefox-ko-3.0.13-0.1mdvmes5.x86_64.rpm 6346cf41df51d14326568731308532bf mes5/x86_64/firefox-ku-3.0.13-0.1mdvmes5.x86_64.rpm d29a7afa66350e378bf5d3de7f76203f mes5/x86_64/firefox-lt-3.0.13-0.1mdvmes5.x86_64.rpm f0c2b91ae52b0fd6309c13c6aa7dae39 mes5/x86_64/firefox-lv-3.0.13-0.1mdvmes5.x86_64.rpm bf856892d6521c21ee75e1319c78dd34 mes5/x86_64/firefox-mk-3.0.13-0.1mdvmes5.x86_64.rpm ef8ab221b17c2da7b78c6055bb560af4 mes5/x86_64/firefox-mn-3.0.13-0.1mdvmes5.x86_64.rpm 5ef379935bc2943e1ee5b18a6447bbbf mes5/x86_64/firefox-mr-3.0.13-0.1mdvmes5.x86_64.rpm a1aaa61a653132105b4b2f40a2625e4b mes5/x86_64/firefox-nb_NO-3.0.13-0.1mdvmes5.x86_64.rpm 339baf16b41ba0660fde271355a3de7d mes5/x86_64/firefox-nl-3.0.13-0.1mdvmes5.x86_64.rpm c650a19b817d2b8cc1662986ffb04e59 mes5/x86_64/firefox-nn_NO-3.0.13-0.1mdvmes5.x86_64.rpm dc4d96fd6075c6a90b66b477510e179d mes5/x86_64/firefox-oc-3.0.13-0.1mdvmes5.x86_64.rpm 1b3dfa583675569048d1edeefe5c57ea mes5/x86_64/firefox-pa_IN-3.0.13-0.1mdvmes5.x86_64.rpm 8afc2ee811699233cd4d14fb0bb1d296 mes5/x86_64/firefox-pl-3.0.13-0.1mdvmes5.x86_64.rpm d79b9366c1e992a712c5a4f91b5dc786 mes5/x86_64/firefox-pt_BR-3.0.13-0.1mdvmes5.x86_64.rpm fa1f52c44c980cbd5dca80493e6675ee mes5/x86_64/firefox-pt_PT-3.0.13-0.1mdvmes5.x86_64.rpm 2a17cc2687a58a08354a5b10d2d3b852 mes5/x86_64/firefox-ro-3.0.13-0.1mdvmes5.x86_64.rpm 8000f1cb87249be3a0349d04cd4a9eb7 mes5/x86_64/firefox-ru-3.0.13-0.1mdvmes5.x86_64.rpm dad9e02f89bbb0854b275a148c66241c mes5/x86_64/firefox-si-3.0.13-0.1mdvmes5.x86_64.rpm c7d158a23a34629f14020eb5efaaf347 mes5/x86_64/firefox-sk-3.0.13-0.1mdvmes5.x86_64.rpm c8292fb404bbc4fc723583f656074fce mes5/x86_64/firefox-sl-3.0.13-0.1mdvmes5.x86_64.rpm 41706d44a8c609ea2ca0911c8216f9c2 mes5/x86_64/firefox-sq-3.0.13-0.1mdvmes5.x86_64.rpm dd036fccfa39a75f5f2d08c3c8e7348a mes5/x86_64/firefox-sr-3.0.13-0.1mdvmes5.x86_64.rpm f03d90e5417feca4d2fc3f03303023e7 mes5/x86_64/firefox-sv_SE-3.0.13-0.1mdvmes5.x86_64.rpm ee392c1fa9a4d6a286daae882fac30dd mes5/x86_64/firefox-te-3.0.13-0.1mdvmes5.x86_64.rpm e7dbf99e35d5709d2ba79997be5a0d8f mes5/x86_64/firefox-th-3.0.13-0.1mdvmes5.x86_64.rpm 4104f247e2eee44420fe588c2dc73f06 mes5/x86_64/firefox-tr-3.0.13-0.1mdvmes5.x86_64.rpm 9376a1d0cb246a9bf3ddde32d6547c3a mes5/x86_64/firefox-uk-3.0.13-0.1mdvmes5.x86_64.rpm 5e17ce5c19b28d4bf91b9ec4583a435b mes5/x86_64/firefox-zh_CN-3.0.13-0.1mdvmes5.x86_64.rpm b75f0b6f95cd8df522663ff5d5247912 mes5/x86_64/firefox-zh_TW-3.0.13-0.1mdvmes5.x86_64.rpm c22b5e430870d9e46ddf2fc49a3f399a mes5/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdvmes5.x86_64.rpm 99039eb2e0e34653b4f8a702df3eba28 mes5/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 8f8dc6a09f009108d5e58aed35bc3c88 mes5/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 64c12a8b37ce470ddeca303330fc759d mes5/x86_64/xulrunner-1.9.0.13-0.1mdvmes5.x86_64.rpm 50e336826d9447ee0a11ac696740f78a mes5/x86_64/yelp-2.24.0-3.9mdvmes5.x86_64.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKfHuImqjQ0CJFipgRArnYAJwJ+vTi6q/JO7k6XU42/uknW/nuaQCdH6cE IPsXB9VGzG+N6kDjB1qX6x0= =dRCP -----END PGP SIGNATURE-----

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsy86021. May trigger memory corruption and crash showing %%Software-forced reload error. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An unspecified error exists in the processing of BGP update messages. constructed from more than 1000 autonomous systems. SOLUTION: Update to a fixed version (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Advisory ID: cisco-sa-20090729-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Revision: 1.0 ========= For Public Release 2009 July 29 1600 UTC (GMT) Summary ======= Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. Cisco has released free software updates to address these vulnerabilities. No workarounds are available for the first vulnerability. A workaround is available for the second vulnerability. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing. The software table in the section "Software Versions and Fixes" of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability. A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number <1.0-XX.YY> 4 Octets Autonomous system number Or: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-4294967295> Autonomous system number <1.0-XX.YY> Autonomous system number The following example identifies a Cisco device that has 2 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command "show running-config". The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document "Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation. The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation: router bgp 65536 The following example identifies a Cisco device that is configured for BGP using ASDOT notation: router bgp 1.0 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software not explicitly mentioned in this Advisory * Cisco IOS XR Software * Cisco IOS NX-OS No other Cisco products are currently known to be affected by this vulnerability. Details ======= RFC4271 has defined an AS number as a two-octet entity in BGP. RFC4893 has defined an AS number as a four-octet entity in BGP. The first vulnerability could cause an affected device to reload when processing a BGP update that contains AS path segments made up of more than one thousand autonomous systems. If an affected 4-byte AS number BGP speaker receives a BGP update from a 2-byte AS number BGP speaker that contains AS path segments made up of more than one thousand autonomous systems, the device may crash with memory corruption, and the error "%%Software-forced reload" will be displayed. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a BGP update with a series of greater than one thousand AS numbers Note: Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR Software, as a 2 byte AS number BGP speaker send BGP updates with a maximum of 255 AS numbers. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a non-RFC compliant crafted BGP update message This vulnerability is documented in Cisco Bug ID CSCta33973 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2049. Further information regarding Cisco support for 4-byte AS number is available in "Cisco IOS BGP 4-Byte ASN Support" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability CVSS Base Score - 7.1 Access Vector Network Access Complexity Medium Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 6.7 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability CVSS Base Score - 5.4 Access Vector Network Access Complexity High Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 4.5 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this document may result in a reload of the device. The issue could result in repeated exploitation to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | |Recommended | |12.0-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.0 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DC |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.0(32)S11 | | | |are not vulnerable; first fixed in | | |12.0S |12.0(32)S14; | | | | | | | |Releases up to and including 12.0(33)S2 are| | | |not vulnerable; first fixed in 12.0(33)S5 | | |----------+-------------------------------------------+------------| |12.0SC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0ST |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10| | |are not vulnerable; first fixed in | | | |12.0(32)SY9a. | | |----------+-------------------------------------------+------------| |12.0SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0W |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XW |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.1-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.2-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.2 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2B |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EWA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2S |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SBC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SED |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SGA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2STE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXH |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.2(33)SXI | | |12.2SXI |are not vulnerable; CSCsy86021 first fixed | | | |in 12.2(33)SXI2; CSCta33973 first fixed in | | | |12.2(33)SXI3 | | |----------+-------------------------------------------+------------| |12.2SY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2TPC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNC |12.2(33)XNC2 | | |----------+-------------------------------------------+------------| |12.2XND |12.2(33)XND1; available 25th August 2009 | | |----------+-------------------------------------------+------------| |12.2XO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZYA |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.3-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.4-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.4 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4SW |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to 12.4(24)T are not | | |12.4T |vulnerable; first fixed in 12.4(24)T2 | | | |available on 23-Oct-2009 | | |----------+-------------------------------------------+------------| |12.4XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YD |Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS XE Release Table +------------------------- +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | | | 2.1 | There are no affected 2.1 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | | | 2.2 | There are no affected 2.2 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | Releases up to and including 2.3.1t are vulnerable; | | 2.3 | First fixed in 2.3.2 | | Releases | | |----------+--------------------------------------------------------+ | Affected | Releases up to and including 2.4.0 are vulnerable; | | 2.4 | First fixed in 2.4.1, available 25th August 2009 | | Releases | | +----------+--------------------------------------------------------+ Workarounds =========== For the first vulnerability, there are no workarounds on the affected device. Neighbors could be configured to discard routes that have more than one thousand AS numbers in the AS-path segments. This configuration will help prevent the further propagation of BGP updates with the AS path segments made up of greater than one thousand AS numbers. Note: Configuring "bgp maxas-limit [value]" on the affected device does not mitigate this vulnerability. For the second vulnerability, configuring "bgp maxas-limit [value]" on the affected device does mitigate this vulnerability. Cisco is recommends using a conservative value of 100 to mitigate this vulnerability. Consult the document "Protecting Border Gateway Protocol for the Enterprise" at the following link for additional best practices on protecting BGP infrastructures: http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of malicious exploitation of either of these vulnerabilities, although we are aware of some customers who have seen the first vulnerability triggered within their infrastructures. Further investigation of those incidents seems to indicate that the vulnerability has been accidentally triggered. These vulnerabilities were discovered via internal product testing. Status of this Notice: FINAL ============================ This information is Cisco Highly Confidential - Do not redistribute. THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN ERRORS OR OMIT IMPORTANT INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2009-July-29 1600 | Initial public release | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKcGNc86n/Gc8U/uARAks6AKCCWLTakna/WbNzMuIbeGPJGJHnbQCfbYEi I6XwyRZTnktw7RSnT6Y/N1E= =KmUm -----END PGP SIGNATURE-----

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCta33973. May trigger memory corruption and crash with \\%\\%Software-forced reload error. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An unspecified error exists in the processing of BGP update messages. constructed from more than 1000 autonomous systems. SOLUTION: Update to a fixed version (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Advisory ID: cisco-sa-20090729-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Revision: 1.0 ========= For Public Release 2009 July 29 1600 UTC (GMT) Summary ======= Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. Cisco has released free software updates to address these vulnerabilities. No workarounds are available for the first vulnerability. A workaround is available for the second vulnerability. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing. The software table in the section "Software Versions and Fixes" of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability. A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number <1.0-XX.YY> 4 Octets Autonomous system number Or: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-4294967295> Autonomous system number <1.0-XX.YY> Autonomous system number The following example identifies a Cisco device that has 2 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command "show running-config". The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document "Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation. The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation: router bgp 65536 The following example identifies a Cisco device that is configured for BGP using ASDOT notation: router bgp 1.0 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software not explicitly mentioned in this Advisory * Cisco IOS XR Software * Cisco IOS NX-OS No other Cisco products are currently known to be affected by this vulnerability. Details ======= RFC4271 has defined an AS number as a two-octet entity in BGP. RFC4893 has defined an AS number as a four-octet entity in BGP. The first vulnerability could cause an affected device to reload when processing a BGP update that contains AS path segments made up of more than one thousand autonomous systems. If an affected 4-byte AS number BGP speaker receives a BGP update from a 2-byte AS number BGP speaker that contains AS path segments made up of more than one thousand autonomous systems, the device may crash with memory corruption, and the error "%%Software-forced reload" will be displayed. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a BGP update with a series of greater than one thousand AS numbers Note: Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR Software, as a 2 byte AS number BGP speaker send BGP updates with a maximum of 255 AS numbers. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a non-RFC compliant crafted BGP update message This vulnerability is documented in Cisco Bug ID CSCta33973 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2049. Further information regarding Cisco support for 4-byte AS number is available in "Cisco IOS BGP 4-Byte ASN Support" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability CVSS Base Score - 7.1 Access Vector Network Access Complexity Medium Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 6.7 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability CVSS Base Score - 5.4 Access Vector Network Access Complexity High Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 4.5 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this document may result in a reload of the device. The issue could result in repeated exploitation to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | |Recommended | |12.0-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.0 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DC |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.0(32)S11 | | | |are not vulnerable; first fixed in | | |12.0S |12.0(32)S14; | | | | | | | |Releases up to and including 12.0(33)S2 are| | | |not vulnerable; first fixed in 12.0(33)S5 | | |----------+-------------------------------------------+------------| |12.0SC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0ST |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10| | |are not vulnerable; first fixed in | | | |12.0(32)SY9a. | | |----------+-------------------------------------------+------------| |12.0SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0W |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XW |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.1-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.2-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.2 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2B |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EWA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2S |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SBC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SED |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SGA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2STE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXH |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.2(33)SXI | | |12.2SXI |are not vulnerable; CSCsy86021 first fixed | | | |in 12.2(33)SXI2; CSCta33973 first fixed in | | | |12.2(33)SXI3 | | |----------+-------------------------------------------+------------| |12.2SY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2TPC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNC |12.2(33)XNC2 | | |----------+-------------------------------------------+------------| |12.2XND |12.2(33)XND1; available 25th August 2009 | | |----------+-------------------------------------------+------------| |12.2XO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZYA |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.3-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.4-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.4 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4SW |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to 12.4(24)T are not | | |12.4T |vulnerable; first fixed in 12.4(24)T2 | | | |available on 23-Oct-2009 | | |----------+-------------------------------------------+------------| |12.4XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YD |Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS XE Release Table +------------------------- +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | | | 2.1 | There are no affected 2.1 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | | | 2.2 | There are no affected 2.2 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | Releases up to and including 2.3.1t are vulnerable; | | 2.3 | First fixed in 2.3.2 | | Releases | | |----------+--------------------------------------------------------+ | Affected | Releases up to and including 2.4.0 are vulnerable; | | 2.4 | First fixed in 2.4.1, available 25th August 2009 | | Releases | | +----------+--------------------------------------------------------+ Workarounds =========== For the first vulnerability, there are no workarounds on the affected device. Neighbors could be configured to discard routes that have more than one thousand AS numbers in the AS-path segments. This configuration will help prevent the further propagation of BGP updates with the AS path segments made up of greater than one thousand AS numbers. Note: Configuring "bgp maxas-limit [value]" on the affected device does not mitigate this vulnerability. For the second vulnerability, configuring "bgp maxas-limit [value]" on the affected device does mitigate this vulnerability. Cisco is recommends using a conservative value of 100 to mitigate this vulnerability. Consult the document "Protecting Border Gateway Protocol for the Enterprise" at the following link for additional best practices on protecting BGP infrastructures: http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of malicious exploitation of either of these vulnerabilities, although we are aware of some customers who have seen the first vulnerability triggered within their infrastructures. Further investigation of those incidents seems to indicate that the vulnerability has been accidentally triggered. These vulnerabilities were discovered via internal product testing. Status of this Notice: FINAL ============================ This information is Cisco Highly Confidential - Do not redistribute. THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN ERRORS OR OMIT IMPORTANT INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2009-July-29 1600 | Initial public release | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKcGNc86n/Gc8U/uARAks6AKCCWLTakna/WbNzMuIbeGPJGJHnbQCfbYEi I6XwyRZTnktw7RSnT6Y/N1E= =KmUm -----END PGP SIGNATURE-----

Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789. plural Cisco Used in products Cisco Wireless LAN Controller Contains a memory leak vulnerability. The problem is Bug ID : CSCsw40789 It is a problem.By a third party SSH Service disruption via management connection (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to trigger an affected device to crash and reload, denying service to legitimate users. This issue is being tracked by Cisco BugID CSCsw40789. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request unauthorized configuration modification vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... Cisco Controller Product Version...... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. * Malformed HTTP or HTTPS authentication response denial of service vulnerability An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsx03715 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-1164. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. Note: A three-way handshake is not required to exploit this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw40789 and has been assigned CVE ID CVE-2009-1165. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsy27708 and has been assigned CVE ID CVE-2009-1166. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. The vulnerability is documented by Cisco Bug ID CSCsy44672 and has been assigned CVE ID CVE-2009-1167. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----

Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672. plural Cisco Used in products Cisco Wireless LAN Controller (WLC) Contains a vulnerability that can be changed. The problem is Bug ID : CSCsy44672 It is a problem.Skillfully crafted by a third party HTTP Or HTTPS Settings may be changed via request. Successful exploits may allow attackers to modify configuration settings, which may compromise the affected device or aid in further attacks. This issue is being tracked by Cisco Bug ID CSCsy44672. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. * Malformed HTTP or HTTPS authentication response denial of service vulnerability An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. An attacker could use this behavior to cause an affected device to crash and reload. Note: A three-way handshake is not required to exploit this vulnerability. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt \xa9 2008 - 2009 Cisco Systems, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----

The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708. plural Cisco Used in products Cisco Wireless LAN Controller (WLC) For managing Web Interface has a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsy27708 It is a problem.Skillfully crafted by a third party HTTP Or HTTPS Service disruption via request (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to trigger an affected device to crash and reload, causing denial-of-service conditions. This issue is documented by Cisco Bug ID CSCsy27708. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... Cisco Controller Product Version...... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. * Malformed HTTP or HTTPS authentication response denial of service vulnerability An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. Note: A three-way handshake is not required to exploit this vulnerability. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt \xa9 2008 - 2009 Cisco Systems, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----

SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The issue affects the following: WebSphere Partner Gateway 6.0 Enterprise WebSphere Partner Gateway 6.1.0 Enterprise WebSphere Partner Gateway 6.1.1 Enterprise WebSphere Partner Gateway 6.2 Enterprise. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. WebSphere Partner Gateway 6.0: Apply the latest Fix Pack (WPG 6.0 FP8 or later) or APAR JR32608. WebSphere Partner Gateway 6.1: Apply the latest Fix Pack (WPG 6.1 FP3, WPG 6.1.1 FP2 or later), or APAR JR32609 or APAR JR32386. WebSphere Partner Gateway 6.2: Apply the latest Fix Pack (WPG 6.2 FP1 or later) or APAR JR32607 (JR33176). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21382117 IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/52393 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715. plural Cisco Used in products Cisco Wireless LAN Controller (WLC) For managing Web Interface has a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsx03715 It is a problem.By a third party HTTP Or HTTPS Service disruption through malformed responses to authentication requests (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to trigger an affected device to reboot, causing denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request unauthorized configuration modification vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... Cisco Controller Product Version...... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsx03715 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-1164. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. Note: A three-way handshake is not required to exploit this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw40789 and has been assigned CVE ID CVE-2009-1165. * Crafted HTTP or HTTPS request denial of service vulnerability An attacker with the ability to send a malicious HTTP request to an affected WLC could cause the device to crash and reload. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsy27708 and has been assigned CVE ID CVE-2009-1166. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. The vulnerability is documented by Cisco Bug ID CSCsy44672 and has been assigned CVE ID CVE-2009-1167. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt \xa9 2008 - 2009 Cisco Systems, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. Successful exploits may allow attackers mount a symlink attack, which may allow the attacker to delete or corrupt sensitive files. Attackers can also rename arbitrary files and potentially cause a denial-of-service condition. Other attacks are also possible. Groff (GNU Troff) is the latest open source implementation of Troff, a document preparation system that generates print and screen documents for various devices from the same input source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University) Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. CVE-ID CVE-2015-3787 : Trend Micro Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple buffer overflow issues existed in blued's handling of XPC messages. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX] bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org) Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078 ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3761 : Apple Libc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling CVE-ID CVE-2014-3660 : Felix Groebert of Google libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844 Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600 OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 perl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422 PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365 QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3772 CVE-2015-3779 CVE-2015-5753 : Apple CVE-2015-5779 : Apple QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold] SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680 tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140 Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033 OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4 Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6 +PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR 2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7 AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB msu6gVP8uZhFYNb8byVJ =+0e/ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Groff: Multiple Vulnerabilities Date: October 25, 2013 Bugs: #386335 ID: 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Background ========== GNU Troff (Groff) is a text formatter used for man pages. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Groff users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2" References ========== [ 1 ] CVE-2009-5044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5044 [ 2 ] CVE-2009-5078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5078 [ 3 ] CVE-2009-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5079 [ 4 ] CVE-2009-5080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5080 [ 5 ] CVE-2009-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5081 [ 6 ] CVE-2009-5082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5082 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201310-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. Successful exploits may allow attackers mount a symlink attack, which may allow the attacker to delete or corrupt sensitive files. Attackers can also rename arbitrary files and potentially cause a denial-of-service condition. Other attacks are also possible. Groff (GNU Troff) is the latest open source implementation of Troff, a document preparation system that generates print and screen documents for various devices from the same input source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University) Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. CVE-ID CVE-2015-3787 : Trend Micro Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple buffer overflow issues existed in blued's handling of XPC messages. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX] bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org) Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078 ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3761 : Apple Libc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling CVE-ID CVE-2014-3660 : Felix Groebert of Google libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844 Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600 OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 perl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422 PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365 QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3772 CVE-2015-3779 CVE-2015-5753 : Apple CVE-2015-5779 : Apple QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold] SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680 tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140 Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033 OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4 Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6 +PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR 2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7 AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB msu6gVP8uZhFYNb8byVJ =+0e/ -----END PGP SIGNATURE----- . This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA44999 SOLUTION: Apply updated packages via the zypper package manager. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: GNU Troff "pdfroff" Script Insecure Temporary File Creation SECUNIA ADVISORY ID: SA44999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44999 RELEASE DATE: 2011-06-18 DISCUSS ADVISORY: http://secunia.com/advisories/44999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in GNU Troff, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to the "pdfroff" script creating temporary files insecurely. The vulnerability is reported in version 1.20. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug report by Brian M. Carlson. ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Groff: Multiple Vulnerabilities Date: October 25, 2013 Bugs: #386335 ID: 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Background ========== GNU Troff (Groff) is a text formatter used for man pages. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Groff users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2" References ========== [ 1 ] CVE-2009-5044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5044 [ 2 ] CVE-2009-5078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5078 [ 3 ] CVE-2009-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5079 [ 4 ] CVE-2009-5080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5080 [ 5 ] CVE-2009-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5081 [ 6 ] CVE-2009-5082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5082 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201310-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2012:0469-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0469.html Issue date: 2012-04-10 CVE Names: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). These flaws are detailed on the Adobe security page APSB12-08, listed in the References section. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 810397 - CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 acroread: multiple unspecified flaws (APSB12-08) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0774.html https://www.redhat.com/security/data/cve/CVE-2012-0775.html https://www.redhat.com/security/data/cve/CVE-2012-0777.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-08.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA48756 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48756/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48756 RELEASE DATE: 2012-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/48756/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48756/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48756 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System Technical Cyber Security Alert TA12-101B Adobe Reader and Acrobat Security Updates and Architectural Improvements Original release date: April 10, 2012 Last revised: -- Source: US-CERT Systems Affected * Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh * Adobe Reader 9.5 and earlier 9.x versions for Windows, Macintosh, and UNIX * Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh * Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh Overview Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. In addition, Reader and Acrobat now disable the rendering of 3D content by default. These vulnerabilities affect Adobe Reader and Acrobat versions 9.x through 9.5, and Reader X and Acrobat X versions prior to 10.1.3. The Adobe ASSET blog provides additional details on new security architecture changes to Adobe Reader and Acrobat. This change helps limit the number of out-of-date, vulnerable Flash runtimes available to an attacker. Adobe Reader and Acrobat 9.5.1 also now disable rendering of 3D content by default because the 3D rendering components have a history of vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. This can happen automatically as the result of viewing a webpage. Solution Update Reader Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB12-08 and update vulnerable versions of Adobe Reader and Acrobat. In addition to updating, please consider the following mitigations. Disable JavaScript in Adobe Reader and Acrobat Disabling JavaScript may prevent some exploits from resulting in code execution. You can disable Acrobat JavaScript using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. Applying this workaround may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. Please send email to <cert@cert.org> with "TA12-101B Feedback VU#124663" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-101B.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBT4St0z/GkGVXE7GMAQK56gf+N4gfsTH8ssv6GzNqliZtpkgx5MI/Vo71 bx/DERpK2AtQaNk3genyZ1vShMjfKUk7GmVQCeDvcTxhc+yNSSi3hSGyX7FQbl9E 6p9mMLRD9OwJ63xq3fGmydNsgQnUTsjjRxkxC1DdojtlJL3HRsYYBXxguKQaPI1p UiPoMDu5W7LJ/9f+zrMbc4Hf15366YY7XGMmFL68OpwbxOT3aRrfLC/v6FErqHli UUg79tEm8FpemBrIzusqePviNYkci2M3K5fByp9opGrttPhTZAL8ddYJKfCSm+Xg lFs5dAwD0SCI3SQxG5B8RhGgLLCz87O+ifE1Q2UjFAvB6XWQifYDwA== =5dGp -----END PGP SIGNATURE----- . The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected. This vulnerability is being actively exploited. II. III. Solution These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document. US-CERT Vulnerability Note VU#259425 has additional details, as well as information about mitigating the PDF document attack vector. Thanks to Department of Defense Cyber Crime Center/DCISE for information used in this document. IV. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Do not browse untrusted websites or follow untrusted links. Updates will reportedly be available for Windows, Macintosh, and Linux versions by July 30. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/advisories/apsa09-03.html OTHER REFERENCES: US-CERT VU#259425: http://www.kb.cert.org/vuls/id/259425 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Reader: Multiple vulnerabilities Date: June 22, 2012 Bugs: #405949, #411499 ID: 201206-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.1 >= 9.5.1 Description =========== Multiple vulnerabilities have been found in Adobe Reader, including an integer overflow in TrueType Font handling (CVE-2012-0774) and multiple unspecified errors which could cause memory corruption. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.1" References ========== [ 1 ] CVE-2011-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370 [ 2 ] CVE-2011-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371 [ 3 ] CVE-2011-4372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372 [ 4 ] CVE-2011-4373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373 [ 5 ] CVE-2012-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774 [ 6 ] CVE-2012-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775 [ 7 ] CVE-2012-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776 [ 8 ] CVE-2012-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

SAP NetWeaver is prone to an information-disclosure vulnerability because it fails to properly secure communication channels between clients and servers. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors. Cisco Unified Contact Center Express is prone to a directory-traversal vulnerability. An attacker can exploit this issue to view, modify, or delete any file on the server through the CRS Administration interface. Successful exploits may lead to other attacks. This issue is tracked by Cisco BugID CSCsw76644. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco Unified Contact Center Express Two Vulnerabilities SECUNIA ADVISORY ID: SA35861 VERIFY ADVISORY: http://secunia.com/advisories/35861/ DESCRIPTION: Two vulnerabilities have been reported in Cisco Unified Contact Center Express, which can be exploited by malicious users to conduct script insertion attacks, manipulate certain data, disclose potentially sensitive information, and potentially compromise a vulnerable system. 2) Certain input to the Cisco Unified CCX database is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. CRS 7x: Update to CRS version 7.0(1) SR2. CRS 5.x and 6.x: Apply hotfix crs5.0.2sr2es09 or crs6.0.1sr1es05. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack. Cisco has released free software updates that address these two vulnerabilities in the latest version of Cisco Unified CCX software. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml. Vulnerable Products +------------------ All versions of Cisco Unified CCX server running the following software may be affected by these vulnerabilities, to include: * Cisco Customer Response Solution (CRS) versions 3.x, 4.x, 5.x, 6.x, and 7.x * Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 3.x, 4.x, 5.x, 6.x, and 7.x * Cisco Unified CCX 4.x, 5.x, 6.x, and 7.x * Cisco Unified IP Contact Center Express versions 3.x, 5.x, 6.x, and 7.x * Cisco Customer Response Applications versions 3.x * Cisco IP Queue Manager (IP QM) versions 3.x Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. This vulnerability is documented in Cisco Bug ID CSCsw76644 and has been assigned Common Vulnerability and Exposures (CVE) ID CVE-2009-2047. The script injection vulnerability may allow authenticated users to enter JavaScript into the Cisco Unified CCX database. The stored script could be executed in the browser of the next authenticated user. This vulnerability is documented in Cisco Bug ID CSCsw76649 and has been assigned CVE ID CVE-2009-2048. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss. * Incomplete input validation allows modification of OS files/directories (CSCsw76644) CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.7 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * script injection vulnerability in admin interface pages (CSCsw76649) CVSS Base Score - 5.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - None Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 4.5 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the directory traversal vulnerability may result in read and write access to files on the underlying operating system. Successful exploitation of the script injection vulnerability may result in the execution of JavaScript of authenticated users and prevent server pages from displaying properly. Software Versions and Fixes =========================== The fixes for these vulnerabilities are included in CRS version 7.0(1)SR2 and are available as a hotfix for customers running versions 5.x and 6.x. The hotfixes are crs5.0.2sr2es09 and crs6.0.1sr1es05. Information about how to obtain the hotfixes can be found in the release notes enclosures of the bugs at: CSCsw76644 and CSCsw76649. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There are no workarounds for these vulnerabilities. The script injection attacks that are described in this advisory are a specific classification of stored cross-site scripting attacks. A description and mitigation technique can be found in the applied mitigation bulletin available at the following link: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a008073f7b3.html These vulnerabilities can be detected and mitigated with IDS signatures 3216-0 and 19001-0. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by National Australia Bank's Security Assurance team. Cisco would like to thank the National Australia Bank's Security Assurance team for the discovery and reporting of these vulnerabilities. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-----------------------------------------------------------+ | Revision 1.0 | 2009-July-15 | Initial public release | +-----------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. All rights reserved. +-------------------------------------------------------------------- Updated: Jul 15, 2009 Document ID: 110307 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpeCwIACgkQ86n/Gc8U/uCRVACfQ16BguNxTclUmslEdX/l/W8Y 6DcAoJ3WjD6cV2PJ5LPVei8F9mMDyXLj =wNQ1 -----END PGP SIGNATURE-----