VARIoT IoT vulnerabilities database


VAR-200909-0208 CVE-2009-3273 Apple iPhone OS of iPhone Mail In SSL Vulnerability impersonating an email server CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to perform man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain credentials or other sensitive information or give users a false sense of security. Information harvested may aid in further attacks. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.
VAR-200909-0091 CVE-2008-7199 phoenixcontact fl_il_24_bk-pac Denial of Service Attack Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502. Phoenix Contact FL IL 24 BK-PAC contains a vulnerability that results in a denial-of-service (hang) condition. A third party may put the device into a denial-of-service (hang) state via (1) unspecified operations or (2) malformed input to TCP port 502.
VAR-200909-0795 CVE-2009-2805 Apple Mac OS of CoreGraphics Integer overflow vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability that affects the CoreGraphics component. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. The following versions are affected: Mac OS X 10.4.11 and prior; Mac OS X Server 10.4.11 and prior; Mac OS X 10.5.8 and prior; Mac OS X Server 10.5.8 and prior. NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.
TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA36701
VERIFY ADVISORY: http://secunia.com/advisories/36701/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code.
2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). 
For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. 
ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0774 CVE-2009-2809 Apple Mac OS of ImageIO Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues." Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the ImageIO component. Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. These issues affect the following: Mac OS X 10.4.11 and prior; Mac OS X Server 10.4.11 and prior; Mac OS X 10.5.8 and prior; Mac OS X Server 10.5.8 and prior. NOTE: These issues were previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but have been assigned their own record to better document them.
TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA36701
VERIFY ADVISORY: http://secunia.com/advisories/36701/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. 
For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. 
ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0768 CVE-2009-2800 Apple Mac OS X Alias Manager Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. The following versions are affected: Mac OS X 10.4.11 and prior; Mac OS X Server 10.4.11 and prior; Mac OS X 10.5.8 and prior; Mac OS X Server 10.5.8 and prior. NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.
TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA36701
VERIFY ADVISORY: http://secunia.com/advisories/36701/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images.
5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 
16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0763 CVE-2009-2811 Apple Mac OS of Launch Services Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. Apple Mac OS X is prone to a vulnerability that may allow attackers to bypass certain security warnings. The issue affects the Launch Services component. Successfully exploiting this issue may allow attackers to bypass certain security warnings and trick a user into opening unsafe malicious files. The following versions are affected: Mac OS X 10.5.8 and prior; Mac OS X Server 10.5.8 and prior. NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. This update adds the .fileloc type to the category of content types that the system flags as unsafe in certain circumstances (such as when downloading from mail). Although this content type is not automatically opened, it may execute malicious payloads if opened manually.
1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images.
This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. 
This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. 
ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0782 CVE-2009-2813 Apple Mac OS of SMB Vulnerability that bypasses file sharing restrictions in subsystems CVSS V2: 6.0
CVSS V3: -
Severity: MEDIUM
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Samba is prone to a vulnerability that may allow attackers to bypass certain security restrictions. Successful exploits may allow attackers to gain access to resources that aren't supposed to be shared. Versions prior to Samba 3.4.2, 3.3.8, 3.2.15, and 3.0.37 are vulnerable. NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Mac OS X is the operating system used by the Apple family of machines. This allows local users to partly disclose the content of arbitrary files by specifying the file as credentials file and attempting to mount a samba share (CVE-2009-2948). A reply to an oplock break notification which samba doesn't expect could lead to the service getting stuck in an infinite loop. An attacker can use this to perform denial of service attacks via a specially crafted SMB request (CVE-2009-2906). A lack of error handling in case no home directory was configured/specified for the user could lead to file disclosure. For the oldstable distribution (etch), this problem will be fixed soon. For the testing distribution (squeeze), this problem will be fixed soon. Upgrade instructions: wget url will fetch the file for you; dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

VMware Security Advisory

Advisory ID: VMSA-2010-0006
Synopsis: ESX Service Console updates for samba and acpid
Issue date: 2010-04-01
Updated on: 2010-04-01 (initial release of advisory)
CVE numbers: CVE-2009-2906, CVE-2009-1888, CVE-2009-2813, CVE-2009-2948, CVE-2009-0798

1. Summary

ESX Service Console updates for samba and acpid packages.

2.
Relevant releases

VMware ESX 4.0.0 without patch ESX400-201003405-SG, ESX400-201003403-SG

Notes: Effective May 2010, VMware's patch and update release program during Extended Support will be continued with the condition that all subsequent patch and update releases will be based on the latest baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details.

Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan to upgrade to at least ESX 3.0.3 Update 1 and preferably to the newest release available.

Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 Update 5 and preferably to the newest release available.

3. Problem Description

a. Service Console update for samba to 3.0.33-3.15.el5_4.1

This update changes the samba packages to samba-client-3.0.33-3.15.el5_4.1 and samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for security issues that were first fixed in samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2906, CVE-2009-1888, CVE-2009-2813 and CVE-2009-2948 to these issues.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.0       ESX      ESX400-201003405-SG
ESX            3.5       ESX      patch pending
ESX            3.0.3     ESX      patch pending
ESX            2.5.5     ESX      patch pending
vMA            4.0       RHEL5    patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

b. Service Console update for acpid to 1.0.4-9.el5_4.2

This update changes the acpid package to acpid-1.0.4-9.el5_4.2. This version includes the fix for a security issue that was first fixed in acpid-1.0.4-7.el5_4.1.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0798 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.0       ESX      ESX400-201003403-SG
ESX            3.5       ESX      not affected
ESX            3.0.3     ESX      not affected
ESX            2.5.5     ESX      not affected
vMA            4.0       RHEL5    patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESX 4.0
-------
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-195-20100324-069238/ESX400-201003001.zip
md5sum: c7c0f287d5728289fe2903be48d8d501
sha1sum: d90badd89247ccc96a02001b6d697bf39fad9e7c
http://kb.vmware.com/kb/1019833

Note: ESX400-201003001 contains the following security bulletins ESX400-201003403-SG, and ESX400-201003405-SG

To install an individual bulletin use esxupdate with the -b option.

esxupdate --bundle ESX400-201003403.zip -b ESX400-201003405-SG update

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0798

6. Change log

2010-04-01 VMSA-2010-0006 Initial security advisory after release of bulletins for ESX 4.0 on 2010-04-01.

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc. All rights reserved.

Release Date: 2010-01-27
Last Updated: 2010-01-27

Potential Security Impact: Remote unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The vulnerability could be exploited to gain remote unauthorized access.

References: CVE-2009-2813

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP CIFS Server vA.02.03.04 and vA.02.04 running on HP-UX B.11.11, B.11.23, or B.11.31.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                    Base Score
CVE-2009-2813    (AV:N/AC:M/Au:S/C:P/I:P/A:P)   6.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve this vulnerability.
HP CIFS Server (Samba) vA.02.04.01 for HP-UX B.11.11, B.11.23, B.11.31 HP CIFS Server (Samba) vA.02.03.05 for HP-UX B.11.11, B.11.23, B.11.31 The updates are available for download from http://www.hp.com/go/softwaredepot/ MANUAL ACTIONS: Yes - Update Install vA.02.04.01 or subsequent or vA.02.03.05 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= CIFS-Server.CIFS-ADMIN CIFS-Server.CIFS-DOC CIFS-Server.CIFS-LIB CIFS-Server.CIFS-MAN CIFS-Server.CIFS-RUN CIFS-Server.CIFS-UTIL action: install revision A.02.04.01 or subsequent HP-UX B.11.11 HP-UX B.11.23 ============= CIFS-Server.CIFS-ADMIN CIFS-Server.CIFS-DOC CIFS-Server.CIFS-LIB CIFS-Server.CIFS-RUN CIFS-Server.CIFS-UTIL action: install revision A.02.03.05 or subsequent HP-UX B.11.31 ============= CIFS-Server.CIFS-ADMIN CIFS-Server.CIFS-DOC CIFS-Server.CIFS-LIB CIFS-Server.CIFS-RUN CIFS-Server.CIFS-UTIL CIFS-CFSM.CFSM-KRN CIFS-CFSM.CFSM-RUN action: install revision A.02.03.05 or subsequent END AFFECTED VERSIONS HISTORY Version: 1 (rev.1) - 27 January 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. 
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. 
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 
TITLE: Samba Information Disclosure and Denial of Service SECUNIA ADVISORY ID: SA36893 VERIFY ADVISORY: http://secunia.com/advisories/36893/ DESCRIPTION: Some weaknesses and a vulnerability have been reported in Samba, which can be exploited by malicious, local users to disclose potentially sensitive information, and by malicious users to disclose sensitive information and cause a DoS (Denial of Service). 1) The mount.cifs application does not properly verify if opening a credentials file crosses the privileges of the invoking user. This can be exploited to disclose partial file contents by using the "--verbose" or "-v" option and passing the file as credentials file to mount.cifs. Successful exploitation requires that mount.cifs is suid root. 2) An infinite loop exists when processing certain SMB requests. This can be exploited to cause a DoS due to CPU consumption by sending a specially crafted request to the Samba server. Successful exploitation requires that the attacker is authenticated. 3) Samba does not properly handle /etc/passwd entries with empty home directories, which can lead to access to the root file system and all subdirectories. Successful exploitation requires that an /etc/passwd entry with an empty home directory exists and automated "[homes]" sharing is enabled or a share with the username of the affected entry exists. http://samba.org/samba/download/ Patches are also available: http://www.samba.org/samba/history/security.html PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Ronald Volgers. 2) The vendor credits Tim Prouty, Isilon and Samba Team 3) The vendor credits J. David Hester, LCG Systems National Institutes of Health ORIGINAL ADVISORY: 1) http://www.samba.org/samba/security/CVE-2009-2948.html 2) http://www.samba.org/samba/security/CVE-2009-2906.html 3) http://www.samba.org/samba/security/CVE-2009-2813.html
Additionally for 2009.1 the version upgrade provides many upstream bug fixes such as improved Windows(tm) 7 support.
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 http://www.samba.org/samba/security/CVE-2009-2813.html http://www.samba.org/samba/security/CVE-2009-2906.html http://www.samba.org/samba/security/CVE-2009-2948.html _______________________________________________________________________ Updated Packages: _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
VAR-200909-0754 CVE-2009-2807 CUPS USB backend Local Heap Based Buffer Overflow Vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. CUPS (Common UNIX Printing System) is prone to a local heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Exploiting this issue will allow local attackers to execute arbitrary code with superuser privileges and completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. Local users can gain privileges with the help of unknown vectors. TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.
For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. This can be exploited to potentially execute arbitrary code by tricking a user into opening a ".fileloc" file. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).
For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to Mac OS X v10.6.1 or apply Security Update 2009-005. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. 
ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0752 CVE-2009-2814 Apple Mac OS of Wiki Server Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects Mac OS X Server 10.5.8 and prior. NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user.
Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0747 CVE-2009-2803 Apple Mac OS of CarbonCore Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the CarbonCore component. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the following: Mac OS X 10.4.11 and prior Mac OS X Server 10.4.11 and prior Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.
For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).
For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. 
ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0745 CVE-2009-2812 Apple Mac OS of Launch Services Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. Apple Mac OS X is prone to a remote code-execution vulnerability that affects the Launch Services component. Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user. The following versions are affected: Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Visiting a malicious website may cause unsafe file types to open automatically. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files.
This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/
VAR-201004-0011 CVE-2009-4777 GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file.". Hitachi JP1/Cm2/Hierarchical is middleware platform software. Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and multiple versions of JP1/Cm2/SNMP System Observer have unknown vulnerabilities. Remote attackers can trigger a denial of service ("abnormal" termination) through the display of an invalid GIF file. Multiple Hitachi products are prone to a denial-of-service vulnerability caused by an unspecified error. Attackers can exploit this issue to terminate the affected applications, causing a denial-of-service condition. Affected products include the following: JP1/Automatic Job Management System 2 - View JP1/Integrated Management - View JP1/Cm2/SNMP System Observer For the full list of affected products, please see the referenced vendor advisory. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html
VAR-200909-0490 CVE-2009-3169 Hitachi JP1/File Transmission Server/FTP Multiple Unspecified Vulnerabilities CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors. Very few technical details are currently available. We will update this BID as more information emerges. An attacker can leverage these issues to execute arbitrary commands within the context of the vulnerable application and compromise the computer. TITLE: Hitachi JP1/File Transmission Server/FTP Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA36645 VERIFY ADVISORY: http://secunia.com/advisories/36645/ DESCRIPTION: Some vulnerabilities have been reported in Hitachi JP1/File Transmission Server/FTP, which can be exploited by malicious people to compromise a vulnerable system. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html
VAR-201004-0010 CVE-2009-4776 Multiple Hitachi products vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. Several Hitachi products contain a buffer overflow vulnerability due to a flaw in handling GIF images. A third party may be able to cause an unspecified impact. Multiple Hitachi products, including Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java, are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. TITLE: Hitachi Products GIF Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA36622 VERIFY ADVISORY: http://secunia.com/advisories/36622/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to potentially compromise a vulnerable system. Please see the vendor's advisory for a full list of affected products. SOLUTION: Update to a fixed version. See vendor advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html
VAR-200909-0364 CVE-2009-2795 Apple iPhone OS Recovery mode component buffer overflow vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing.". Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to bypass the required passcode and gain access to sensitive information. This issue affects the following products: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0 This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. Disclosing sensitive information or completely hacking a user's system. TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the "Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T.
Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0365 CVE-2009-2796 Apple iPhone OS of UIKit Information disclosure vulnerability in components CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the UIKit component. Successful exploits may allow attackers with physical access to an affected device to obtain password data. Information harvested may aid in launching further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. lead to intrusion into the user's system. TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the "Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. 
Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0323 CVE-2009-2799 Apple QuickTime of H.264 Video file processing heap-based buffer overflow vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-063 September 10, 2009 -- CVE ID: CVE-2009-2799 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8435. -- Vendor Response: Apple has issued an update to correct this vulnerability. 
More details can be found at: http://support.apple.com/kb/HT3859 -- Disclosure Timeline: 2009-07-28 - Vulnerability reported to vendor 2009-09-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous * Damian Put
VAR-200909-0322 CVE-2009-2798 Apple QuickTime of FlashPix Heap-based buffer overflow vulnerability in file handling CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Apple QuickTime's processing of FlashPix files is flawed, which can result in arbitrary code execution or a denial-of-service (DoS) condition. A third party may execute arbitrary code or cause a denial of service (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed FlashPix (.fpx) files. While parsing the SectorShift and cSectFat fields from the header, the application will multiply 2 user-controlled 32-bit values and utilize this for an allocation. If the result of the multiplication is greater than 32 bits, the application will allocate an undersized heap chunk. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-064 September 10, 2009 -- CVE ID: CVE-2009-2798 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8414. -- Vendor Response: Apple has issued an update to correct this vulnerability. 
More details can be found at: http://support.apple.com/kb/HT3859 -- Disclosure Timeline: 2009-07-28 - Vulnerability reported to vendor 2009-09-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Damian Put
VAR-200909-0363 CVE-2009-2794 Apple iPhone OS of Exchange In support components Microsoft Exchange Vulnerability that can bypass restrictions CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. Apple iPhone and iPod touch are prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to bypass security restrictions, which may aid in further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. iPhone OS allows communication through services provided by Microsoft Exchange Server. TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. This may lead to a time window, regardless of the "Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 
7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/
VAR-200909-0309 CVE-2009-2205 Mac OS X for Java of Java Web Start Command launcher buffer overflow vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Java 1.4 is prone to a denial-of-service vulnerability