VARIoT IoT vulnerabilities database
| VAR-200908-0265 | CVE-2009-2199 | URL domain name spoofing vulnerability in WebKit in Apple Safari |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. WebKit in Apple Safari contains a vulnerability that makes phishing attacks easier by spoofing the domain name in a URL. A third party may spoof the domain name in a URL to conduct phishing attacks. WebKit is affected by a URI-spoofing vulnerability because it fails to adequately handle specific characters in international domain name (IDN) domains.
An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.
Versions prior to Apple Safari 4.0.3 are vulnerable; other applications using WebKit may also be affected. Apple Safari is a web browser.
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the "Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
For more information see vulnerability #6 in:
SA36269
SOLUTION:
Update to iPhone OS 3.1 or iPhone OS for iPod touch 3.1.1
(downloadable and installable via iTunes).
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-200908-0708 | CVE-2009-2412 | Integer overflow vulnerability in the APR and APR-util libraries |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions. This could cause the library to return a
memory area which is smaller than requested, resulting in a heap overflow
and possibly arbitrary code execution.
For the old stable distribution (etch), this problem has been fixed in
version 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of
the apr-util package.
For the stable distribution (lenny), this problem has been fixed in
version 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1
of the apr-util package.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your APR packages.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
.
This update provides fixes for these vulnerabilities.
Update:
apr-util packages were missing for Mandriva Enterprise Server 5 i586,
this has been addressed with this update. (CVE-2009-0023).
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn
modules in the Apache HTTP Server, allows remote attackers to
cause a denial of service (memory consumption) via a crafted XML
document containing a large number of nested entity references, as
demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564
(CVE-2009-1955).
Packages for 2008.0 are being provided due to extended support for
Corporate products.
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
. The Apache Portable Runtime
Utility Library (aka APR-Util) provides an interface to functionality
such as XML parsing, string matching and database connections.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/apr < 1.3.8 >= 1.3.8
2 dev-libs/apr-util < 1.3.9 >= 1.3.9
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
Matt Lewis reported multiple integer overflows in the apr_rmm_malloc(),
apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of
APR-Util and in memory/unix/apr_pools.c of APR, both occurring when
aligning memory blocks.
Impact
======
A remote attacker could entice a user to connect to a malicious server
with software that uses the APR or act as a malicious client to a
server that uses the APR (such as Subversion or Apache servers),
possibly resulting in the execution of arbitrary code with the
privileges of the user running the application.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Apache Portable Runtime users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8
All APR Utility Library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9
References
==========
[ 1 ] CVE-2009-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ===========================================================
Ubuntu Security Notice USN-813-2 August 08, 2009
apache2 vulnerability
CVE-2009-2412
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libapr0 2.0.55-4ubuntu2.7
After a standard system upgrade you need to restart any applications using
apr, such as Subversion and Apache, to effect the necessary changes.
Details follow:
USN-813-1 fixed vulnerabilities in apr. This update provides the
corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.
Updated packages for Ubuntu 6.06 LTS:
| VAR-200908-0404 | CVE-2009-1723 | Vulnerability in CFNetwork in Apple Mac OS that allows disguising a visit to an arbitrary HTTPS web site |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. This vulnerability is different from CVE-2009-2062. A third party may make it appear that the user is visiting an arbitrary HTTPS web site. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
Produced 2009 by US-CERT, a government organization.
Revision History
August 06, 2009: Initial release
.
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
3) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems having a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
| VAR-200908-0403 | CVE-2009-1728 | Arbitrary code execution vulnerability in Image RAW in Apple Mac OS |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
.
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems having a Multi-Touch
trackpad.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
| VAR-200908-0402 | CVE-2009-1727 | Vulnerability in the CoreTypes blacklist in Apple Mac OS that allows arbitrary JavaScript to be executed |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. A list of system content types that will be marked as unsafe in certain circumstances (such as when downloading from a web page).
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
.
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
3) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems having a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
| VAR-200908-0401 | CVE-2009-1726 | Apple Mac OS of ColorSync Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. A heap overflow exists when handling images that contain an embedded ColorSync profile; opening a malicious image may lead to unexpected application termination or arbitrary code execution. ----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA40105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40105/
RELEASE DATE:
2010-06-09
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to bypass certain security restrictions,
disclose sensitive information, conduct spoofing or cross-site
scripting attacks, and potentially compromise a user's system.
1) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to potentially execute
arbitrary code.
This is related to vulnerability #2 in:
SA36096
2) The browser follows links containing arbitrary user information
without warning, which can be exploited to facilitate phishing
attacks via specially crafted URLs.
3) A use-after-free error when handling PDF files can be exploited to
potentially execute arbitrary code.
4) An error in WebKit when handling clipboard URLs can be exploited
to disclose sensitive files if a user is tricked into dragging or
pasting links or images to a malicious website.
5) An error in WebKit when a selection from a website is dragged or
pasted into another website can be exploited to potentially execute
arbitrary JavaScript code in the context of the destination website.
6) An error in WebKit when handling UTF-7 encoded text can be
exploited to leave an HTML quoted string unterminated and facilitate
cross-site scripting attacks.
7) An input sanitation error in WebKit when handling Local Storage
and Web SQL databases can be exploited to create database files in
arbitrary directories via directory traversal attacks.
8) A use-after-free error in WebKit when rendering HTML buttons can
be exploited to potentially execute arbitrary code.
9) A use-after-free error in WebKit when handling attribute
manipulations can be exploited to potentially execute arbitrary
code.
10) An error in WebKit when handling HTML document fragments can be
exploited to execute arbitrary JavaScript code in a legitimate
context processing foreign HTML fragments.
11) An error in WebKit when handling keyboard focus can be exploited
to deliver key press events intended for a different frame.
12) An error in WebKit when handling DOM constructor objects can be
exploited to conduct cross-site scripting attacks.
13) A use-after-free error in WebKit when handling the removal of
container elements can be exploited to potentially execute arbitrary
code.
14) A use-after-free error in WebKit when rendering a selection at
the time of a layout change can be exploited to potentially execute
arbitrary code.
15) An error in WebKit when handling ordered list insertions can be
exploited to corrupt memory and potentially execute arbitrary code.
16) An uninitialised memory access error in WebKit when handling
selection changes on form input elements can be exploited to
potentially execute arbitrary code.
17) A use-after-free error in WebKit when handling caption elements
can be exploited to potentially execute arbitrary code.
18) A use-after-free error in WebKit when handling the
":first-letter" pseudo-element in cascading stylesheets can be
exploited to potentially execute arbitrary code.
19) A double-free error in WebKit when handling event listeners in
SVG documents can be exploited to potentially execute arbitrary
code.
20) An uninitialised memory access error in WebKit when handling
"use" elements in SVG documents can be exploited to potentially
execute arbitrary code.
21) A use-after-free error in WebKit when handling SVG documents with
multiple "use" elements can be exploited to potentially execute
arbitrary code.
22) An error in WebKit when handling nested "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) A use-after-free error in WebKit when handling CSS run-ins can be
exploited to potentially execute arbitrary code.
24) A use-after-free error in WebKit when handling HTML elements with
custom vertical positioning can be exploited to potentially execute
arbitrary code.
25) An error exists in WebKit when visiting HTTPS websites
redirecting to HTTP websites. This can be exploited to disclose
potentially sensitive information contained in the HTTPS URL by
reading the "Referer" header.
26) An integer truncation error in WebKit when handling TCP requests
can be exploited to pass arbitrary data to arbitrary TCP ports.
27) An error in WebKit when processing connections to IRC ports can
be exploited to send arbitrary data to arbitrary IRC servers.
28) A use-after-free error in WebKit when handling hover events can
be exploited to potentially execute arbitrary code.
29) An error in WebKit can be exploited to read NTLM credentials that
are incorrectly transmitted in plain-text via Man-in-the-Middle (MitM)
attacks.
30) A use-after-free error in WebKit when handling the "removeChild"
DOM method can be exploited to potentially execute arbitrary code.
31) An error in WebKit when handling libxml contexts can be exploited
to potentially execute arbitrary code.
32) An error in WebKit when handling a canvas with an SVG image
pattern can be exploited to load and capture an image from another
website.
33) An error in WebKit when rendering CSS-styled HTML content with
multiple ":after" pseudo-selectors can be exploited to corrupt memory
and potentially execute arbitrary code.
34) An error in WebKit when handling the "src" attribute of a frame
element can be exploited to facilitate cross-site scripting attacks.
35) A use-after-free error in WebKit when handling drag and drop
operations can be exploited to potentially execute arbitrary code.
36) An error in the implementation of the JavaScript "execCommand"
function can be exploited to modify the contents of the clipboard.
37) An error when handling malformed URLs can be exploited to bypass
the same-origin policy and execute arbitrary script code in the
context of a different domain.
38) A use-after-free error in WebKit when handling DOM "Range"
objects can be exploited to potentially execute arbitrary code.
39) A use-after-free error in WebKit when handling the
"Node.normalize()" method can be exploited to potentially execute
arbitrary code.
40) A use-after-free error in WebKit when rendering HTML document
subtrees can be exploited to potentially execute arbitrary code.
41) An error in WebKit when handling HTML content in "textarea"
elements can be exploited to conduct cross-site scripting attacks.
42) An error in WebKit when visiting a website which redirects form
submissions to a redirecting website can be exploited to disclose
submitted data.
43) A type checking error in WebKit when handling text nodes can be
exploited to potentially execute arbitrary code.
44) A use-after-free error in WebKit when handling fonts can be
exploited to potentially execute arbitrary code.
45) An error in WebKit when handling HTML tables can be exploited to
trigger an out-of-bounds memory access and potentially execute
arbitrary code.
46) An error in WebKit when handling the CSS ":visited" pseudo-class
can be exploited to disclose visited websites.
PROVIDED AND/OR DISCOVERED BY:
37) Michal Zalewski
The vendor also credits:
1) Chris Evans of the Google Security Team, and Andrzej Dyjak
2) Abhishek Arya of Google
3) Borja Marcos of Sarenet
4) Eric Seidel of Google
5) Paul Stone of Context Information Security
6) Masahiro Yamada
8) Matthieu Bonetti of Vupen
9) Ralf Philipp Weinmann working with TippingPoint's Zero Day
Initiative
10, 41) Eduardo Vela Nava (sirdarckcat) of Google
11) Michal Zalewski of Google
12) Gianni "gf3" Chiappetta of Runlevel6
13, 15, 16, 18, 19, 20, 21, 23, 43) wushi of team509, working with
TippingPoint's Zero Day Initiative
14) wushi and Z of team509, working with TippingPoint's Zero Day
Initiative
17) regenrecht working with iDefense
22, 31) Aki Helin of OUSPG
24) Ojan Vafai of Google
25) Colin Percival of Tarsnap
28) Dave Bowker
30) Mark Dowd of Azimuth Security
32) Chris Evans of Google
33, 45) wushi of team509
34) Sergey Glazunov
35) kuzzcc, and Skylined of Google Chrome Security Team
38) Yaar Schnitman of Google
39) Mark Dowd
40) James Robinson of Google
42) Marc Worrell of WhatWebWhat
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4196
Michal Zalewski:
http://lcamtuf.blogspot.com/2010/06/safari-tale-of-betrayal-and-revenge.html
----------------------------------------------------------------------
.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
. Some
have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions, disclose sensitive
information, or compromise a user's system.
For more information:
SA37931
SA40105
4) One unspecified vulnerability with an unknown impact has been
reported in WebKit included in iTunes. No further information is
currently available.
5) Two vulnerabilities in WebKit can be exploited by malicious people
to compromise a user's system.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Chris Evans of the Google Security Team and
Andrzej Dyjak.
2) The vendor credits Kevin Finisterre, digitalmunition.com.
4) Reported by the vendor. ----------------------------------------------------------------------
NOTE: This vulnerability only affects systems having a Multi-Touch
trackpad. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
----------------------------------------------------------------------
| VAR-200908-0272 | CVE-2009-2194 | Apple Mac OS Service disruption related to file descriptor sharing (DoS) Vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
. ----------------------------------------------------------------------
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
3) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems having a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
----------------------------------------------------------------------
| VAR-200908-0270 | CVE-2009-2192 | Apple Mac OS of MobileMe Vulnerable to session hijacking |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
. ----------------------------------------------------------------------
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
3) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems having a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200908-0271 | CVE-2009-2193 | Apple Mac OS kernel vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
----------------------------------------------------------------------
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems that have a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
| VAR-200908-0268 | CVE-2009-2190 | Apple Mac OS launchd service disruption (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
----------------------------------------------------------------------
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
3) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems that have a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
| VAR-200908-0269 | CVE-2009-2191 | Apple Mac OS Login Window arbitrary code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
----------------------------------------------------------------------
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
3) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems that have a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
| VAR-200908-0267 | CVE-2009-2188 | Apple Mac OS ImageIO and Safari vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. Apple's ImageIO component is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.
Successful exploits will allow an attacker to run arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.5 through 10.5.7, Mac OS X Server 10.5 through 10.5.7, and Apple Safari prior to 4.0.3.
NOTE: This vulnerability was previously documented in BID 35954 (Apple Mac OS X 2009-003 Multiple Security Vulnerabilities) but has been given its own record to better document the issue.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
----------------------------------------------------------------------
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
5) An error when processing four-finger Multi-Touch gestures can be
exploited by a person with physical access to a locked system to
manage applications or use Expose.
NOTE: This vulnerability only affects systems that have a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
For more information:
SA28923
SOLUTION:
Update to Mac OS X v10.5.8 or apply Security Update 2009-003. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
| VAR-200908-0247 | CVE-2009-0151 | Apple Mac OS Dock vulnerability that allows the screen saver lock to be bypassed |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.
The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.
I.
II. Impact
The impact of these vulnerabilities varies. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These
and other updates are available via Software Update or via Apple
Downloads.
IV. Please send
email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
----------------------------------------------------------------------
1) An error in bzip2 can be exploited to terminate an application
using the library via a specially crafted archive.
For more information:
SA29410
2) An error in CFNetwork can be exploited by a malicious website to
control the URL displayed in a certificate warning when Safari
follows a redirect from a trusted website.
3) An error when processing ColorSync profiles embedded in a
specially crafted image can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
4) An error when handling unsafe content types can be exploited to
execute a malicious JavaScript payload when a specially crafted file
is manually opened.
NOTE: This vulnerability only affects systems that have a Multi-Touch
trackpad.
6) An error when processing Canon RAW images can be exploited to
cause a stack-based buffer overflow and potentially execute arbitrary
code.
7) An error in ImageIO when processing OpenEXR images can be
exploited to cause a heap-based buffer overflow and potentially
execute arbitrary code.
8) Multiple errors in ImageIO when processing OpenEXR images can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA36030
9) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
10) An error in ImageIO when processing PNG images can be exploited
to dereference an uninitialised pointer and potentially execute
arbitrary code.
11) An error in the "fcntl()" kernel implementation can be exploited
to corrupt kernel memory and execute arbitrary code with system
privileges via e.g. a specially crafted TIOCGWINSZ "fcntl()" call.
12) An error in launchd when servicing via inetd can be exploited to
cause a service hang by opening an overly large number of
connections.
13) A format string error in Login Window when handling application
names can be exploited to potentially execute arbitrary code.
14) The MobileMe preference pane fails to properly delete all
credentials when signing out. This can be exploited to access
previously signed in systems from the same local user account.
15) An error in the kernel when processing AppleTalk response packets
can be exploited to cause a buffer overflow and potentially execute
arbitrary code with system privileges.
16) A synchronization error when sharing file descriptors over local
sockets can be exploited to cause an unexpected system shutdown.
17) A boundary error in the PCRE library used by XQuery can be
exploited to cause a buffer overflow and potentially execute
arbitrary code. of Johns Hopkins University, HiNRG
The vendor also credits:
2) Kevin Day of Your.Org and Jason Mueller of Indiana University
4) Brian Mastenbrook, and Clint Ruoho of Laconic Security
6) Chris Ries of Carnegie Mellon University Computing Services
7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie
Mellon University Computing Services
10) Tavis Ormandy of the Google Security Team
13) Alfredo Pesoli of 0xcafebabe.it
15) Ilja van Sprundel from IOActive
16) Bennet Yee of Google Inc.
CHANGELOG:
2009-08-06: Added link to "Original Advisory".
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3757
Chris Evans:
http://scary.beasts.org/security/CESA-2009-011.html
OTHER REFERENCES:
SA28923:
http://secunia.com/advisories/28923/
SA29410:
http://secunia.com/advisories/29410/
SA36030:
http://secunia.com/advisories/36030/
| VAR-200908-0264 | CVE-2009-2198 | Apple GarageBand Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. Apple GarageBand is prone to an information-disclosure vulnerability.
Exploiting the issue may allow an attacker to obtain sensitive information that could aid in tracking a user's web activities.
This issue affects versions prior to GarageBand 5.1 for Mac OS X 10.5.7. Apple GarageBand is a music production software suite from Apple.
----------------------------------------------------------------------
TITLE:
Apple GarageBand Web Activity Tracking Disclosure
SECUNIA ADVISORY ID:
SA36114
VERIFY ADVISORY:
http://secunia.com/advisories/36114/
DESCRIPTION:
A security issue has been reported in GarageBand, which can be
exploited by malicious people to gain knowledge of sensitive
information.
The problem is caused due to Safari's preferences being changed to
always accept cookies when opening GarageBand. This could allow third
parties and advertisers to track a user's web activity.
SOLUTION:
Update to version 5.1.
http://support.apple.com/downloads/GarageBand_5_1
NOTE: Users of previous versions should also check that their Safari
preferences are set as desired.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3732
| VAR-200909-0290 | CVE-2009-3455 | Apple Safari vulnerability allowing impersonation of arbitrary SSL servers |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. An SSL server impersonation vulnerability exists. The problem is related to CVE-2009-2408. An attacker may be able to impersonate an SSL server through a crafted certificate.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
UPDATE (October 5, 2009): The vendor states that Safari on Mac OS X is not affected by this issue. This vulnerability is related to CVE-2009-2408.
| VAR-200907-0748 | CVE-2009-2408 | Multiple Mozilla products: arbitrary SSL server spoofing vulnerability |
CVSS V2: 6.8 CVSS V3: 5.9 Severity: MEDIUM |
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. In multiple Mozilla products, the issue lies in the handling of the domain name in the Common Name (CN) field of an X.509 certificate. SSL clients using the NSS library and the CA that issued the server certificate handle the domain name in the SSL certificate differently. If a malicious user requests a certificate for a hostname containing an invalid null character, most CAs will issue the certificate as long as the requester owns the domain specified after the null character, but most SSL clients (browsers) ignore that part of the name and validate only the portion before the null character. This allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship.
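The mismatch described above, as an added C example (not code from NSS, Safari or any of the advisories): a name check that treats the decoded CN as a C string, next to a length-aware check that rejects an embedded 0x00, plus a helper that escapes the name for logs. The `cert_name` type, the function names and the `bank.example` / `attacker.example` names are constructed for illustration; wildcard names are not handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as it leaves the ASN.1 decoder: raw bytes plus an explicit length.
 * The bytes may contain 0x00. (Hypothetical type for this example.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample CN: a CA that reads the whole value sees a name under
 * attacker.example; a C-string reader sees only the part before 0x00. */
static const unsigned char SAMPLE_CN[] = "www.bank.example\0.attacker.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)   /* drop the literal's final NUL */

static int ascii_lower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Flawed check: ignores cn->len and compares like strcasecmp(), so the
 * comparison ends at the first 0x00 inside the certificate's CN. */
int match_cn_truncating(const struct cert_name *cn, const char *host)
{
    const char *a = (const char *)cn->data;
    while (*a && ascii_lower(*a) == ascii_lower(*host)) { a++; host++; }
    return *a == '\0' && *host == '\0';
}

static int is_ldh_or_dot(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.';
}

/* Length-aware check: every byte of the CN must be a letter, digit, hyphen
 * or dot (which excludes 0x00), and the full length must equal the host's. */
int match_cn_strict(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);
    size_t i;

    if (cn->len == 0 || cn->len > 253)      /* 253: maximum DNS name length */
        return 0;
    for (i = 0; i < cn->len; i++)
        if (!is_ldh_or_dot(cn->data[i]))
            return 0;
    if (cn->len != hlen)
        return 0;
    for (i = 0; i < hlen; i++)
        if (ascii_lower(cn->data[i]) != ascii_lower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Render the CN for logs with non-printable bytes shown as \xNN, so an
 * embedded NUL is visible to an analyst. Returns characters written. */
size_t escape_cn(const struct cert_name *cn, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t i, n = 0;

    if (outsz == 0)
        return 0;
    for (i = 0; i < cn->len; i++) {
        unsigned char c = cn->data[i];
        int printable = (c >= 0x20 && c < 0x7f && c != '\\');
        size_t need = printable ? 1 : 4;
        if (n + need >= outsz)              /* keep room for the terminator */
            break;
        if (printable) {
            out[n++] = (char)c;
        } else {
            out[n++] = '\\';
            out[n++] = 'x';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0f];
        }
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    struct cert_name cn = { SAMPLE_CN, SAMPLE_CN_LEN };
    char shown[128];

    escape_cn(&cn, shown, sizeof shown);
    printf("CN bytes     : %s\n", shown);
    printf("truncating   : %d\n", match_cn_truncating(&cn, "www.bank.example"));
    printf("length-aware : %d\n", match_cn_strict(&cn, "www.bank.example"));
    return 0;
}
```
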
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird, which is not
vulnerable to these issues.
Update:
The mozilla-thunderbird-moztraybiff packages had the wrong release,
which prevented them from being upgraded (#53129). The new packages address
this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html
https://bugs.gentoo.org/show_bug.cgi?id=280615
https://qa.mandriva.com/53129
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
e1c540f94c8b66fa4495de6015ed85db 2009.1/i586/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.i586.rpm
ab2fa7586f21de2f23216def8c542db6 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
b9ff59f0c11d63a1234365ea55ed5f46 2009.1/x86_64/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.x86_64.rpm
ab2fa7586f21de2f23216def8c542db6 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
===========================================================
Ubuntu Security Notice USN-810-1 August 04, 2009
nss vulnerabilities
CVE-2009-2404, CVE-2009-2408, CVE-2009-2409
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnss3-1d 3.12.3.1-0ubuntu0.8.04.1
Ubuntu 8.10:
libnss3-1d 3.12.3.1-0ubuntu0.8.10.1
Ubuntu 9.04:
libnss3-1d 3.12.3.1-0ubuntu0.9.04.1
After a standard system upgrade you need to restart any applications that
use NSS, such as Firefox, to effect the necessary changes.
An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2408)
Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
signatures. As a result, an attacker could potentially create a malicious
trusted certificate to impersonate another site. (CVE-2009-2409)
------------------------------------------------------------------------
Debian Security Advisory DSA-2025-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
March 31, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : icedove
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463
CVE-2009-3072 CVE-2009-3075 CVE-2010-0163
Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-2408
Dan Kaminsky and Moxie Marlinspike discovered that icedove does not
properly handle a '\0' character in a domain name in the subject's
Common Name (CN) field of an X.509 certificate (MFSA 2009-42).
CVE-2009-2404
Moxie Marlinspike reported a heap overflow vulnerability in the code
that handles regular expressions in certificate names (MFSA 2009-43).
CVE-2009-2463
monarch2020 discovered an integer overflow in a base64 decoding function
(MFSA 2010-07).
CVE-2009-3072
Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).
CVE-2009-3075
Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).
CVE-2010-0163
Ludovic Hirlimann reported a crash indexing some messages with
attachments, which could lead to the execution of arbitrary code
(MFSA 2010-07).
For the stable distribution (lenny), these problems have been fixed in
version 2.0.0.24-0lenny1.
Due to a problem with the archive system it is not possible to release
all architectures. The missing architectures will be installed into the
archive once they become available.
For the testing distribution squeeze and the unstable distribution (sid),
these problems will be fixed soon.
We recommend that you upgrade your icedove packages.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Debian GNU/Linux 5.0 alias lenny
--------------------------------
Debian (stable)
---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #180159, #181361, #207261, #238535, #246602, #251322,
#255221, #255234, #255687, #257577, #260062, #261386,
#262704, #267234, #273918, #277752, #280226, #280234,
#280393, #282549, #284439, #286721, #290892, #292034,
#297532, #305689, #307045, #311021, #312361, #312645,
#312651, #312675, #312679, #312763, #313003, #324735,
#326341, #329279, #336396, #341821, #342847, #348316,
#357057, #360055, #360315, #365323, #373595, #379549,
#381245, #388045, #390771, #395431, #401701, #403183,
#404437, #408161, #413657, #419917, #427224, #433383,
#437780, #439586, #439960, #444318
ID: 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which
may allow execution of arbitrary code or local privilege escalation.
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications such as Firefox
and Thunderbird. NSS is Mozilla's Network Security Services library
that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
=================
-------------------------------------------------------------------
     Package                              /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  www-client/firefox                      < 10.0.11      >= 10.0.11
  2  www-client/firefox-bin                  < 10.0.11      >= 10.0.11
  3  mail-client/thunderbird                 < 10.0.11      >= 10.0.11
  4  mail-client/thunderbird-bin             < 10.0.11      >= 10.0.11
  5  www-client/seamonkey                    < 2.14-r1      >= 2.14-r1
  6  www-client/seamonkey-bin                < 2.14         >= 2.14
  7  dev-libs/nss                            < 3.14         >= 3.14
  8  www-client/mozilla-firefox              <= 3.6.8       Vulnerable!
  9  www-client/mozilla-firefox-bin          <= 3.5.6       Vulnerable!
 10  mail-client/mozilla-thunderbird         <= 3.0.4-r1    Vulnerable!
 11  mail-client/mozilla-thunderbird-bin     <= 3.0         Vulnerable!
 12  www-client/icecat                       <= 10.0-r1     Vulnerable!
 13  net-libs/xulrunner                      <= 2.0-r1      Vulnerable!
 14  net-libs/xulrunner-bin                  <= 1.8.1.19    Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
14 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information,
bypass restrictions and protection mechanisms, force file downloads,
conduct XML injection attacks, conduct XSS attacks, bypass the Same
Origin Policy, spoof URLs for phishing attacks, trigger a vertical
scroll, spoof the location bar, spoof an SSL indicator, modify the
browser's font, conduct clickjacking attacks, or have other unspecified
impact.
A local attacker could gain escalated privileges, obtain sensitive
information, or replace an arbitrary downloaded file.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the
"www-client/firefox" package. To upgrade, please unmerge
"www-client/mozilla-firefox" and then emerge the latest
"www-client/firefox" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox"
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the
"www-client/firefox-bin" package. To upgrade, please unmerge
"www-client/mozilla-firefox-bin" and then emerge the latest
"www-client/firefox-bin" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox-bin"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"
The "mail-client/mozilla-thunderbird" package has been merged into the
"mail-client/thunderbird" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird" and then emerge the latest
"mail-client/thunderbird" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into
the "mail-client/thunderbird-bin" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird-bin" and then emerge the latest
"mail-client/thunderbird-bin" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird-bin"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users
unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users
unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We
recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
==========
[ 1 ] CVE-2011-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101
[ 2 ] CVE-2007-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436
[ 3 ] CVE-2007-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437
[ 4 ] CVE-2007-2671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671
[ 5 ] CVE-2007-3073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073
[ 6 ] CVE-2008-0016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016
[ 7 ] CVE-2008-0017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017
[ 8 ] CVE-2008-0367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367
[ 9 ] CVE-2008-3835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835
[ 10 ] CVE-2008-3836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836
[ 11 ] CVE-2008-3837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837
[ 12 ] CVE-2008-4058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058
[ 13 ] CVE-2008-4059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059
[ 14 ] CVE-2008-4060
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060
[ 15 ] CVE-2008-4061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061
[ 16 ] CVE-2008-4062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062
[ 17 ] CVE-2008-4063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063
[ 18 ] CVE-2008-4064
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064
[ 19 ] CVE-2008-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065
[ 20 ] CVE-2008-4066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066
[ 21 ] CVE-2008-4067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067
[ 22 ] CVE-2008-4068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068
[ 23 ] CVE-2008-4069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069
[ 24 ] CVE-2008-4070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070
[ 25 ] CVE-2008-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582
[ 26 ] CVE-2008-5012
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012
[ 27 ] CVE-2008-5013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013
[ 28 ] CVE-2008-5014
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014
[ 29 ] CVE-2008-5015
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015
[ 30 ] CVE-2008-5016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016
[ 31 ] CVE-2008-5017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017
[ 32 ] CVE-2008-5018
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018
[ 33 ] CVE-2008-5019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019
[ 34 ] CVE-2008-5021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021
[ 35 ] CVE-2008-5022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022
[ 36 ] CVE-2008-5023
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023
[ 37 ] CVE-2008-5024
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024
[ 38 ] CVE-2008-5052
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052
[ 39 ] CVE-2008-5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500
[ 40 ] CVE-2008-5501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501
[ 41 ] CVE-2008-5502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502
[ 42 ] CVE-2008-5503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503
[ 43 ] CVE-2008-5504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504
[ 44 ] CVE-2008-5505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505
[ 45 ] CVE-2008-5506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506
[ 46 ] CVE-2008-5507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507
[ 47 ] CVE-2008-5508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508
[ 48 ] CVE-2008-5510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510
[ 49 ] CVE-2008-5511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511
[ 50 ] CVE-2008-5512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512
[ 51 ] CVE-2008-5513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513
[ 52 ] CVE-2008-5822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822
[ 53 ] CVE-2008-5913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913
[ 54 ] CVE-2008-6961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961
[ 55 ] CVE-2009-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071
[ 56 ] CVE-2009-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071
[ 57 ] CVE-2009-0352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352
[ 58 ] CVE-2009-0353
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353
[ 59 ] CVE-2009-0354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354
[ 60 ] CVE-2009-0355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355
[ 61 ] CVE-2009-0356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356
[ 62 ] CVE-2009-0357
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357
[ 63 ] CVE-2009-0358
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358
[ 64 ] CVE-2009-0652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652
[ 65 ] CVE-2009-0771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771
[ 66 ] CVE-2009-0772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772
[ 67 ] CVE-2009-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773
[ 68 ] CVE-2009-0774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774
[ 69 ] CVE-2009-0775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775
[ 70 ] CVE-2009-0776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776
[ 71 ] CVE-2009-0777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777
[ 72 ] CVE-2009-1044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044
[ 73 ] CVE-2009-1169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169
[ 74 ] CVE-2009-1302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302
[ 75 ] CVE-2009-1303
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303
[ 76 ] CVE-2009-1304
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304
[ 77 ] CVE-2009-1305
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305
[ 78 ] CVE-2009-1306
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306
[ 79 ] CVE-2009-1307
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307
[ 80 ] CVE-2009-1308
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308
[ 81 ] CVE-2009-1309
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309
[ 82 ] CVE-2009-1310
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310
[ 83 ] CVE-2009-1311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311
[ 84 ] CVE-2009-1312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312
[ 85 ] CVE-2009-1313
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313
[ 86 ] CVE-2009-1392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392
[ 87 ] CVE-2009-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563
[ 88 ] CVE-2009-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571
[ 89 ] CVE-2009-1828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828
[ 90 ] CVE-2009-1832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832
[ 91 ] CVE-2009-1833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833
[ 92 ] CVE-2009-1834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834
[ 93 ] CVE-2009-1835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835
[ 94 ] CVE-2009-1836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836
[ 95 ] CVE-2009-1837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837
[ 96 ] CVE-2009-1838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838
[ 97 ] CVE-2009-1839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839
[ 98 ] CVE-2009-1840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840
[ 99 ] CVE-2009-1841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841
[ 100 ] CVE-2009-2043
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043
[ 101 ] CVE-2009-2044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044
[ 102 ] CVE-2009-2061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061
[ 103 ] CVE-2009-2065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065
[ 104 ] CVE-2009-2210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210
[ 105 ] CVE-2009-2404
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404
[ 106 ] CVE-2009-2408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408
[ 107 ] CVE-2009-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462
[ 108 ] CVE-2009-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463
[ 109 ] CVE-2009-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464
[ 110 ] CVE-2009-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465
[ 111 ] CVE-2009-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466
[ 112 ] CVE-2009-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467
[ 113 ] CVE-2009-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469
[ 114 ] CVE-2009-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470
[ 115 ] CVE-2009-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471
[ 116 ] CVE-2009-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472
[ 117 ] CVE-2009-2477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477
[ 118 ] CVE-2009-2478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478
[ 119 ] CVE-2009-2479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479
[ 120 ] CVE-2009-2535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535
[ 121 ] CVE-2009-2654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654
[ 122 ] CVE-2009-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662
[ 123 ] CVE-2009-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664
[ 124 ] CVE-2009-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665
[ 125 ] CVE-2009-3069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069
[ 126 ] CVE-2009-3070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070
[ 127 ] CVE-2009-3071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071
[ 128 ] CVE-2009-3072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072
[ 129 ] CVE-2009-3074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074
[ 130 ] CVE-2009-3075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075
[ 131 ] CVE-2009-3076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076
[ 132 ] CVE-2009-3077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077
[ 133 ] CVE-2009-3078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078
[ 134 ] CVE-2009-3079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079
[ 135 ] CVE-2009-3274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274
[ 136 ] CVE-2009-3371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371
[ 137 ] CVE-2009-3372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372
[ 138 ] CVE-2009-3373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373
[ 139 ] CVE-2009-3374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374
[ 140 ] CVE-2009-3375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375
[ 141 ] CVE-2009-3376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376
[ 142 ] CVE-2009-3377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377
[ 143 ] CVE-2009-3378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378
[ 144 ] CVE-2009-3379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379
[ 145 ] CVE-2009-3380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380
[ 146 ] CVE-2009-3381
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381
[ 147 ] CVE-2009-3382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382
[ 148 ] CVE-2009-3383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383
[ 149 ] CVE-2009-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388
[ 150 ] CVE-2009-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389
[ 151 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 152 ] CVE-2009-3978
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978
[ 153 ] CVE-2009-3979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979
[ 154 ] CVE-2009-3980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980
[ 155 ] CVE-2009-3981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981
[ 156 ] CVE-2009-3982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982
[ 157 ] CVE-2009-3983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983
[ 158 ] CVE-2009-3984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984
[ 159 ] CVE-2009-3985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985
[ 160 ] CVE-2009-3986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986
[ 161 ] CVE-2009-3987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987
[ 162 ] CVE-2009-3988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988
[ 163 ] CVE-2010-0159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159
[ 164 ] CVE-2010-0160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160
[ 165 ] CVE-2010-0162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162
[ 166 ] CVE-2010-0163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163
[ 167 ] CVE-2010-0164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164
[ 168 ] CVE-2010-0165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165
[ 169 ] CVE-2010-0166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166
[ 170 ] CVE-2010-0167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167
[ 171 ] CVE-2010-0167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167
[ 172 ] CVE-2010-0168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168
[ 173 ] CVE-2010-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169
[ 174 ] CVE-2010-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169
[ 175 ] CVE-2010-0170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170
[ 176 ] CVE-2010-0171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171
[ 177 ] CVE-2010-0171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171
[ 178 ] CVE-2010-0172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172
[ 179 ] CVE-2010-0173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173
[ 180 ] CVE-2010-0174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174
[ 181 ] CVE-2010-0174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174
[ 182 ] CVE-2010-0175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175
[ 183 ] CVE-2010-0175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175
[ 184 ] CVE-2010-0176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176
[ 185 ] CVE-2010-0176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176
[ 186 ] CVE-2010-0177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177
[ 187 ] CVE-2010-0178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178
[ 188 ] CVE-2010-0179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179
[ 189 ] CVE-2010-0181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181
[ 190 ] CVE-2010-0182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182
[ 191 ] CVE-2010-0183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183
[ 192 ] CVE-2010-0220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220
[ 193 ] CVE-2010-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648
[ 194 ] CVE-2010-0654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654
[ 195 ] CVE-2010-1028
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028
[ 196 ] CVE-2010-1121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121
[ 197 ] CVE-2010-1125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125
[ 198 ] CVE-2010-1196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196
[ 199 ] CVE-2010-1197
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197
[ 200 ] CVE-2010-1198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198
[ 201 ] CVE-2010-1199
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199
[ 202 ] CVE-2010-1200
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200
[ 203 ] CVE-2010-1201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201
[ 204 ] CVE-2010-1202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202
[ 205 ] CVE-2010-1203
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203
[ 206 ] CVE-2010-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 207 ] CVE-2010-1206
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206
[ 208 ] CVE-2010-1207
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207
[ 209 ] CVE-2010-1208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208
[ 210 ] CVE-2010-1209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209
[ 211 ] CVE-2010-1210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210
[ 212 ] CVE-2010-1211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211
[ 213 ] CVE-2010-1212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212
[ 214 ] CVE-2010-1213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213
[ 215 ] CVE-2010-1214
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214
[ 216 ] CVE-2010-1215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215
[ 217 ] CVE-2010-1585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585
[ 218 ] CVE-2010-2751
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751
[ 219 ] CVE-2010-2752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752
[ 220 ] CVE-2010-2753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753
[ 221 ] CVE-2010-2754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754
[ 222 ] CVE-2010-2755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755
[ 223 ] CVE-2010-2760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760
[ 224 ] CVE-2010-2762
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762
[ 225 ] CVE-2010-2763
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763
[ 226 ] CVE-2010-2764
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764
[ 227 ] CVE-2010-2765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765
[ 228 ] CVE-2010-2766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766
[ 229 ] CVE-2010-2767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767
[ 230 ] CVE-2010-2768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768
[ 231 ] CVE-2010-2769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769
[ 232 ] CVE-2010-2770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770
[ 233 ] CVE-2010-3131
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131
[ 234 ] CVE-2010-3166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166
[ 235 ] CVE-2010-3167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167
[ 236 ] CVE-2010-3168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168
[ 237 ] CVE-2010-3169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169
[ 238 ] CVE-2010-3170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170
[ 239 ] CVE-2010-3171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171
[ 240 ] CVE-2010-3173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173
[ 241 ] CVE-2010-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174
[ 242 ] CVE-2010-3175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175
[ 243 ] CVE-2010-3176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176
[ 244 ] CVE-2010-3177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177
[ 245 ] CVE-2010-3178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178
[ 246 ] CVE-2010-3179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179
[ 247 ] CVE-2010-3180
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180
[ 248 ] CVE-2010-3182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182
[ 249 ] CVE-2010-3183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183
[ 250 ] CVE-2010-3399
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399
[ 251 ] CVE-2010-3400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400
[ 252 ] CVE-2010-3765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765
[ 253 ] CVE-2010-3766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766
[ 254 ] CVE-2010-3767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767
[ 255 ] CVE-2010-3768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768
[ 256 ] CVE-2010-3769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769
[ 257 ] CVE-2010-3770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770
[ 258 ] CVE-2010-3771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771
[ 259 ] CVE-2010-3772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772
[ 260 ] CVE-2010-3773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773
[ 261 ] CVE-2010-3774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774
[ 262 ] CVE-2010-3775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775
[ 263 ] CVE-2010-3776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776
[ 264 ] CVE-2010-3777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777
[ 265 ] CVE-2010-3778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778
[ 266 ] CVE-2010-4508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508
[ 267 ] CVE-2010-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074
[ 268 ] CVE-2011-0051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051
[ 269 ] CVE-2011-0053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053
[ 270 ] CVE-2011-0054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054
[ 271 ] CVE-2011-0055
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055
[ 272 ] CVE-2011-0056
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056
[ 273 ] CVE-2011-0057
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057
[ 274 ] CVE-2011-0058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058
[ 275 ] CVE-2011-0059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059
[ 276 ] CVE-2011-0061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061
[ 277 ] CVE-2011-0062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062
[ 278 ] CVE-2011-0065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065
[ 279 ] CVE-2011-0066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066
[ 280 ] CVE-2011-0067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067
[ 281 ] CVE-2011-0068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068
[ 282 ] CVE-2011-0069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069
[ 283 ] CVE-2011-0070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070
[ 284 ] CVE-2011-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071
[ 285 ] CVE-2011-0072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072
[ 286 ] CVE-2011-0073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073
[ 287 ] CVE-2011-0074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074
[ 288 ] CVE-2011-0075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075
[ 289 ] CVE-2011-0076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076
[ 290 ] CVE-2011-0077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077
[ 291 ] CVE-2011-0078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078
[ 292 ] CVE-2011-0079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079
[ 293 ] CVE-2011-0080
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080
[ 294 ] CVE-2011-0081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081
[ 295 ] CVE-2011-0082
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082
[ 296 ] CVE-2011-0083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083
[ 297 ] CVE-2011-0084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084
[ 298 ] CVE-2011-0085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085
[ 299 ] CVE-2011-1187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187
[ 300 ] CVE-2011-1202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202
[ 301 ] CVE-2011-1712
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712
[ 302 ] CVE-2011-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362
[ 303 ] CVE-2011-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363
[ 304 ] CVE-2011-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364
[ 305 ] CVE-2011-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365
[ 306 ] CVE-2011-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE:
Network Security Services Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36093
VERIFY ADVISORY:
http://secunia.com/advisories/36093/
DESCRIPTION:
Some vulnerabilities have been reported in Network Security Services,
which can potentially be exploited by malicious people to bypass
certain security restrictions or to compromise a vulnerable system.
1) An error in the regular expression parser when matching common
names in certificates can be exploited to cause a heap-based buffer
overflow, e.g. via a specially crafted certificate signed by a
trusted CA or when a user accepts a specially crafted certificate.
2) An error exists in the parsing of certain certificate fields,
which can be exploited to e.g. get a client to accept a specially
crafted certificate by mistake.
SOLUTION:
Update to version 3.12.3 or later.
PROVIDED AND/OR DISCOVERED BY:
Red Hat credits:
1) Moxie Marlinspike
2) Dan Kaminsky
ORIGINAL ADVISORY:
https://bugzilla.redhat.com/show_bug.cgi?id=512912
https://bugzilla.redhat.com/show_bug.cgi?id=510251
| VAR-200907-0062 | CVE-2009-1168 | Cisco IOS In RFC4893 BGP Service disruption related to routing processing (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021. Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCsy86021. It may trigger memory corruption and a crash showing the %%Software-forced reload error.
1) An unspecified error exists in the processing of BGP update
messages. constructed from more than 1000 autonomous
systems.
SOLUTION:
Update to a fixed version (please see the vendor advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol
4-Byte Autonomous System Number
Vulnerabilities
Advisory ID: cisco-sa-20090729-bgp
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Revision: 1.0
=========
For Public Release 2009 July 29 1600 UTC (GMT)
Summary
=======
Recent versions of Cisco IOS Software support RFC4893 ("BGP Support
for Four-octet AS Number Space") and contain two remote denial of
service (DoS) vulnerabilities when handling specific Border Gateway
Protocol (BGP) updates.
These vulnerabilities affect only devices running Cisco IOS Software
with support for four-octet AS number space (hereafter referred to as
4-byte AS number) and BGP routing configured.
The first vulnerability could cause an affected device to reload when
processing a BGP update that contains autonomous system (AS) path
segments made up of more than one thousand autonomous systems.
Cisco has released free software updates to address these
vulnerabilities.
No workarounds are available for the first vulnerability.
A workaround is available for the second vulnerability.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Affected Products
=================
Vulnerable Products
+------------------
These vulnerabilities affect only devices running Cisco IOS and
Cisco IOS XE Software (hereafter both referred to as simply Cisco
IOS) with support for RFC4893 and that have been configured for
BGP routing.
The software table in the section "Software Versions and Fixes" of
this advisory indicates all affected Cisco IOS Software versions that
have support for RFC4893 and are affected by this vulnerability.
A Cisco IOS software version that has support for RFC4893 will allow
configuration of AS numbers using 4 Bytes. The following example
identifies a Cisco device that has 4 byte AS number support:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router bgp ?
<1-65535> Autonomous system number
<1.0-XX.YY> 4 Octets Autonomous system number
Or:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router bgp ?
<1-4294967295> Autonomous system number
<1.0-XX.YY> Autonomous system number
The following example identifies a Cisco device that has 2 byte AS
number support:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router bgp ?
<1-65535> Autonomous system number
A router that is running the BGP process will contain a line in the
configuration that defines the autonomous system number (AS number),
which can be seen by issuing the command line interface (CLI) command
"show running-config".
The canonical textual representation of four byte AS Numbers is
standardized by the IETF through RFC5396 (Textual Representation of
Autonomous System (AS) Numbers). Two major ways for textual
representation have been defined as ASDOT and ASPLAIN. Cisco IOS
routers support both textual representations of AS numbers. For
further information about textual representation of four byte AS
numbers in Cisco IOS Software consult the document "Explaining 4-Byte
Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at
the following link:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html
Cisco IOS Software with support for RFC4893 is affected by both
vulnerabilities if BGP routing is configured using either ASPLAIN or
ASDOT notation.
The following example identifies a Cisco device that is configured
for BGP using ASPLAIN notation:
router bgp 65536
The following example identifies a Cisco device that is configured
for BGP using ASDOT notation:
router bgp 1.0
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih
!--- output truncated
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:
Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link: http://www.cisco.com/warp/public/620/1.html
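The identification steps above (read the release from the show version banner, find the router bgp line, accept ASPLAIN or ASDOT) can be scripted for a fleet audit. The following is an added example, not code from Cisco or from this database; the function names are this example's own, the release ranges are transcribed from the CVE-2009-1168 entry on this page (IOS XE ranges are left out), and the treatment of lettered rebuilds is an assumption stated in the comments.

```python
import re

# Affected Cisco IOS releases, transcribed from the CVE-2009-1168 entry on
# this page. Each rule is (base, train, low, high) with inclusive
# (maintenance, rebuild, letter) bounds; low=None means "any earlier release
# of that train". Assumption: a lettered rebuild of an affected rebuild is
# treated as affected, except 12.0(32)SY9a, which the fix table on this page
# names as the first fixed release.
AFFECTED = [
    ("12.0", "S",   (32, 12, ""), (32, 13, "z")),
    ("12.0", "S",   (33, 3, ""),  (33, 4, "z")),
    ("12.0", "SY",  (32, 8, ""),  (32, 9, "")),
    ("12.2", "SXI", (33, 1, ""),  (33, 1, "z")),
    ("12.2", "XNC", None,         (33, 1, "z")),   # "before 12.2(33)XNC2"
    ("12.2", "XND", None,         (33, 0, "z")),   # "before 12.2(33)XND1"
    ("12.4", "T",   (24, 1, ""),  (24, 1, "z")),
]

VERSION_RE = re.compile(r"Version\s+(\d+\.\d+)\((\d+)[a-z]?\)([A-Z]*)(\d*)([a-z]*)")
BGP_RE = re.compile(r"^[ \t]*router bgp (\S+)[ \t]*$", re.MULTILINE)


def parse_ios_version(show_version):
    """Return (base, train, (maintenance, rebuild, letter)) or None."""
    m = VERSION_RE.search(show_version)
    if not m:
        return None
    base, maint, train, rebuild, letter = m.groups()
    return base, train, (int(maint), int(rebuild or 0), letter)


def parse_asn(text):
    """Convert ASPLAIN ("65536") or ASDOT ("1.0") text to an integer."""
    if re.fullmatch(r"\d+", text):
        asn = int(text)
    elif re.fullmatch(r"\d+\.\d+", text):
        high, low = (int(part) for part in text.split("."))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError("ASDOT halves must fit in 16 bits: %r" % text)
        asn = (high << 16) | low
    else:
        raise ValueError("not an AS number: %r" % text)
    if not 1 <= asn <= 0xFFFFFFFF:
        raise ValueError("AS number out of range: %r" % text)
    return asn


def is_affected_release(version):
    """True when the parsed release falls inside one of the AFFECTED rules."""
    base, train, key = version
    for r_base, r_train, low, high in AFFECTED:
        if (base, train) != (r_base, r_train):
            continue
        if (low is None or key >= low) and key <= high:
            return True
    return False


def audit(show_version, running_config):
    """Apply both advisory conditions: affected release and BGP configured."""
    version = parse_ios_version(show_version)
    bgp = BGP_RE.search(running_config)
    local_as = parse_asn(bgp.group(1)) if bgp else None
    affected = version is not None and is_affected_release(version)
    return {
        "version": version,
        "affected_release": affected,
        "local_as": local_as,
        "four_byte_local_as": local_as is not None and local_as > 0xFFFF,
        "exposed": affected and local_as is not None,
    }


# Banner line copied from the advisory's own example output.
PAGE_BANNER = ("Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), "
               "Version 12.4(20)T, RELEASE SOFTWARE (fc3)")
# Constructed inputs for illustration only.
CONSTRUCTED_BANNER = PAGE_BANNER.replace("12.4(20)T", "12.4(24)T1")
CONSTRUCTED_CONFIG = ("hostname Router\n!\nrouter bgp 1.0\n"
                      " neighbor 192.0.2.1 remote-as 64500\n")

if __name__ == "__main__":
    for banner in (PAGE_BANNER, CONSTRUCTED_BANNER):
        print(audit(banner, CONSTRUCTED_CONFIG))
```

A device is reported as exposed when its release is in the affected list and any router bgp line is present; the local AS does not have to be above 65535.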
Products Confirmed Not Vulnerable
+--------------------------------
The following Cisco products are confirmed not vulnerable:
* Cisco IOS Software not explicitly mentioned in this Advisory
* Cisco IOS XR Software
* Cisco IOS NX-OS
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
RFC4271 has defined an AS number as a two-octet entity in BGP.
RFC4893 has defined an AS number as a four-octet entity in BGP.
The first vulnerability could cause an affected device to reload when
processing a BGP update that contains AS path segments made up of more
than one thousand autonomous systems. If an affected 4-byte AS number
BGP speaker receives a BGP update from a 2-byte AS number BGP speaker
that contains AS path segments made up of more than one thousand
autonomous systems, the device may crash with memory corruption, and
the error "%%Software-forced reload" will be displayed.
The following three conditions are required for successful
exploitation of this vulnerability:
* Affected Cisco IOS Software device is a 4-byte AS number BGP
speaker
* BGP peering neighbor is a 2-byte AS number BGP speaker
* BGP peering neighbor is capable of sending a BGP update with a
series of greater than one thousand AS numbers
Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR
Software, as 2-byte AS number BGP speakers, send BGP updates with
a maximum of 255 AS numbers.
The following three conditions are
required for successful exploitation of this vulnerability:
* Affected Cisco IOS Software device is a 4-byte AS number BGP
speaker
* BGP peering neighbor is a 2-byte AS number BGP speaker
* BGP peering neighbor is capable of sending a non-RFC compliant
crafted BGP update message
This vulnerability is documented in Cisco Bug ID CSCta33973 and has
been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2009-2049.
Further information regarding Cisco support for 4-byte AS number is
available in "Cisco IOS BGP 4-Byte ASN Support" at the following
link:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html
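For monitoring the condition behind the first vulnerability, the AS numbers in a received AS_PATH attribute can be counted across all of its segments and compared with the advisory's figures. The following is an added example, not code from Cisco or from this database: it parses the AS_PATH attribute value as laid out in RFC 4271 (2-octet AS numbers by default), the verdict names are this example's own, and the sample byte strings are constructed.

```python
import struct

# Segment types: AS_SET and AS_SEQUENCE (RFC 4271), plus the confederation
# types AS_CONFED_SEQUENCE and AS_CONFED_SET (RFC 5065).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
KNOWN_TYPES = {AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET}

ADVISORY_THRESHOLD = 1000     # advisory: "more than one thousand" AS numbers
CISCO_2BYTE_SENDER_MAX = 255  # advisory note: Cisco 2-byte speakers send <= 255


class MalformedAsPath(ValueError):
    """Raised when the attribute value does not parse as AS path segments."""


def parse_as_path(value, as_size=2):
    """Parse an AS_PATH attribute value into [(segment_type, [asn, ...])].

    Each segment is: 1 octet type, 1 octet count of AS numbers, then
    count * as_size octets (as_size is 2 for an RFC 4271 peer, 4 for RFC 4893).
    """
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise MalformedAsPath("truncated segment header at offset %d" % off)
        seg_type, count = value[off], value[off + 1]
        if seg_type not in KNOWN_TYPES:
            raise MalformedAsPath("unknown segment type %d" % seg_type)
        if count == 0:
            raise MalformedAsPath("empty segment at offset %d" % off)
        end = off + 2 + count * as_size
        if end > len(value):
            raise MalformedAsPath("segment overruns attribute at offset %d" % off)
        fmt = ">%d%s" % (count, "H" if as_size == 2 else "I")
        segments.append((seg_type, list(struct.unpack(fmt, value[off + 2:end]))))
        off = end
    return segments


def classify(value, as_size=2):
    """Return (verdict, total AS numbers, segment count) for one AS_PATH."""
    try:
        segments = parse_as_path(value, as_size)
    except MalformedAsPath:
        return ("malformed", 0, 0)
    # One segment holds at most 255 AS numbers, so the total has to be summed
    # over every segment of the path.
    total = sum(len(asns) for _, asns in segments)
    if total > ADVISORY_THRESHOLD:
        verdict = "exceeds-advisory-threshold"
    elif total > CISCO_2BYTE_SENDER_MAX:
        verdict = "longer-than-cisco-2byte-sender"
    else:
        verdict = "ok"
    return (verdict, total, len(segments))


# Constructed sample values (private-use AS numbers), not captured traffic.
SHORT_PATH = bytes.fromhex("0203" "fbf4" "fbf5" "fbf6")   # 64500 64501 64502
SEGMENT_250 = bytes([AS_SEQUENCE, 250]) + bytes.fromhex("fc00") * 250
MEDIUM_PATH = SEGMENT_250 + bytes([AS_SEQUENCE, 50]) + bytes.fromhex("fc00") * 50
LONG_PATH = SEGMENT_250 * 5                               # 1250 AS numbers
TRUNCATED_PATH = SHORT_PATH[:-1]
FOUR_BYTE_PATH = bytes.fromhex("0201" "00010000")         # AS 65536 (1.0)

if __name__ == "__main__":
    for name, path in [("short", SHORT_PATH), ("medium", MEDIUM_PATH),
                       ("long", LONG_PATH), ("truncated", TRUNCATED_PATH)]:
        print(name, classify(path))
```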
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability
CVSS Base Score - 7.1
    Access Vector          - Network
    Access Complexity      - Medium
    Authentication         - None
    Confidentiality Impact - None
    Availability Impact    - Complete
CVSS Temporal Score - 6.7
    Exploitability         - Functional
    Remediation Level      - Official-Fix
    Report Confidence      - Confirmed
CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability
CVSS Base Score - 5.4
    Access Vector          - Network
    Access Complexity      - High
    Authentication         - None
    Confidentiality Impact - None
    Availability Impact    - Complete
CVSS Temporal Score - 4.5
    Exploitability         - Functional
    Remediation Level      - Official-Fix
    Report Confidence      - Confirmed
Impact
======
Successful exploitation of the vulnerabilities described in this
document may result in a reload of the device. Repeated exploitation
could result in an extended DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases which have fixes for all the
published vulnerabilities at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to
be vulnerable. Cisco recommends upgrading to a release equal to or
later than the release in the "Recommended Releases" column of the
table.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|----------+--------------------------------------------------------|
| Affected | |Recommended |
|12.0-Based| First Fixed Release | Release |
| Releases | | |
|----------+-------------------------------------------+------------|
|12.0 |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0DA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0DB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0DC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| |Releases up to and including 12.0(32)S11 | |
| |are not vulnerable; first fixed in | |
|12.0S |12.0(32)S14; | |
| | | |
| |Releases up to and including 12.0(33)S2 are| |
| |not vulnerable; first fixed in 12.0(33)S5 | |
|----------+-------------------------------------------+------------|
|12.0SC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0ST |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10|
| |are not vulnerable; first fixed in | |
| |12.0(32)SY9a. | |
|----------+-------------------------------------------+------------|
|12.0SZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0T |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0W |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0WC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0WT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0WX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XI |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XS |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| Affected | |Recommended |
|12.1-Based| First Fixed Release | Release |
| Releases | | |
|-------------------------------------------------------------------|
| There are no affected 12.1 based releases |
|-------------------------------------------------------------------|
| Affected | |Recommended |
|12.2-Based| First Fixed Release | Release |
| Releases | | |
|----------+-------------------------------------------+------------|
|12.2 |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2B |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2CX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2CY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2CZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2DA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2DD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2DX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EWA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2FX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2FY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2FZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IRA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IRB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IRC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2JA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2JK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2MB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2MC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2S |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SBC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SCA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SCB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SED |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SGA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SO |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2STE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| |Releases up to and including 12.2(33)SXI | |
|12.2SXI |are not vulnerable; CSCsy86021 first fixed | |
| |in 12.2(33)SXI2; CSCta33973 first fixed in | |
| |12.2(33)SXI3 | |
|----------+-------------------------------------------+------------|
|12.2SY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2T |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2TPC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XI |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XNA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XNB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XNC |12.2(33)XNC2 | |
|----------+-------------------------------------------+------------|
|12.2XND |12.2(33)XND1; available 25th August 2009 | |
|----------+-------------------------------------------+------------|
|12.2XO |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XS |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YO |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YS |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZYA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| Affected | |Recommended |
|12.3-Based| First Fixed Release | Release |
| Releases | | |
|-------------------------------------------------------------------|
| There are no affected 12.3 based releases |
|-------------------------------------------------------------------|
| Affected | |Recommended |
|12.4-Based| First Fixed Release | Release |
| Releases | | |
|----------+-------------------------------------------+------------|
|12.4 |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JDA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JDC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JDD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JMA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JMB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4MD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4MDA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4MR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4SW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| |Releases up to 12.4(24)T are not | |
|12.4T |vulnerable; first fixed in 12.4(24)T2 | |
| |available on 23-Oct-2009 | |
|----------+-------------------------------------------+------------|
|12.4XA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4YA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4YB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4YD |Not Vulnerable | |
+-------------------------------------------------------------------+
Cisco IOS XE Release Table
+-------------------------
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|----------+--------------------------------------------------------|
| Affected | |
| 2.1 | There are no affected 2.1 based releases |
| Releases | |
|----------+--------------------------------------------------------|
| Affected | |
| 2.2 | There are no affected 2.2 based releases |
| Releases | |
|----------+--------------------------------------------------------|
| Affected | Releases up to and including 2.3.1t are vulnerable; |
| 2.3 | First fixed in 2.3.2 |
| Releases | |
|----------+--------------------------------------------------------+
| Affected | Releases up to and including 2.4.0 are vulnerable; |
| 2.4 | First fixed in 2.4.1, available 25th August 2009 |
| Releases | |
+----------+--------------------------------------------------------+
Workarounds
===========
For the first vulnerability, there are no workarounds on the affected
device. Neighbors could be configured to discard routes that have
more than one thousand AS numbers in the AS-path segments. This
configuration will help prevent the further propagation of BGP
updates with the AS path segments made up of greater than one
thousand AS numbers.
Note: Configuring "bgp maxas-limit [value]" on the affected device
does not mitigate this vulnerability.
For the second vulnerability, configuring "bgp maxas-limit [value]"
on the affected device does mitigate this vulnerability. Cisco
recommends using a conservative value of 100 to mitigate this
vulnerability.
Consult the document "Protecting Border Gateway Protocol for the
Enterprise" at the following link for additional best practices on
protecting BGP infrastructures:
http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html
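The AS-count check behind the workarounds above, as an added example that is not part of the Cisco advisory and is not Cisco's implementation: it parses the value of an AS_PATH attribute (segment type, count, then 2- or 4-byte AS numbers, per RFC 4271 and RFC 4893) and compares the total number of AS numbers against a limit such as the advisory's 100. The function names, the total-count rule and the sample paths are assumptions constructed for illustration.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2      # AS_PATH segment types (RFC 4271)
MAX_ASNS_PER_SEGMENT = 255      # the per-segment count is a single octet


class ASPathError(ValueError):
    """Raised when an AS_PATH value is malformed or truncated."""


def encode_as_path(segments, asn_size=4):
    """Build an AS_PATH value from [(segment_type, [asn, ...]), ...].

    Only used here to construct sample input for the parser.
    """
    fmt = {2: "!H", 4: "!I"}[asn_size]
    out = bytearray()
    for seg_type, asns in segments:
        if len(asns) > MAX_ASNS_PER_SEGMENT:
            raise ValueError("a segment holds at most 255 AS numbers")
        out += bytes([seg_type, len(asns)])
        for asn in asns:
            out += struct.pack(fmt, asn)
    return bytes(out)


def parse_as_path(value, asn_size=4):
    """Parse an AS_PATH attribute value into [(segment_type, [asn, ...]), ...].

    asn_size is 4 between RFC 4893 speakers and 2 on a session with an
    RFC 4271 (2-byte only) peer; the bytes themselves do not say which.
    """
    if asn_size not in (2, 4):
        raise ValueError("asn_size must be 2 or 4")
    fmt = "!H" if asn_size == 2 else "!I"
    segments, offset = [], 0
    while offset < len(value):
        if len(value) - offset < 2:
            raise ASPathError("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        offset += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ASPathError("unknown segment type %d" % seg_type)
        if count == 0:
            raise ASPathError("segment with zero AS numbers")
        end = offset + count * asn_size
        if end > len(value):
            raise ASPathError("segment runs past end of attribute")
        asns = [struct.unpack_from(fmt, value, pos)[0]
                for pos in range(offset, end, asn_size)]
        segments.append((seg_type, asns))
        offset = end
    return segments


def count_asns(segments):
    """Total AS numbers across all segments (assumed counting rule)."""
    return sum(len(asns) for _, asns in segments)


def evaluate_path(value, limit=100, asn_size=4):
    """Return 'accept', 'over-limit' or 'malformed' for one AS_PATH value."""
    try:
        segments = parse_as_path(value, asn_size)
    except ASPathError:
        return "malformed"
    return "over-limit" if count_asns(segments) > limit else "accept"


# Constructed samples using documentation AS numbers (RFC 5398).
SHORT_PATH = encode_as_path([(AS_SEQUENCE, [64496, 64497, 65536])])
# 120 AS numbers spread over two segments, as heavy prepending would produce.
LONG_PATH = encode_as_path([(AS_SEQUENCE, [65536] * 80),
                            (AS_SEQUENCE, [65537] * 40)])
# The same kind of path as a 2-byte-only peer would encode it.
TWO_BYTE_PATH = encode_as_path([(AS_SEQUENCE, [64496, 64497])], asn_size=2)

if __name__ == "__main__":
    for name, path in (("short", SHORT_PATH), ("long", LONG_PATH)):
        print(name, count_asns(parse_as_path(path)), evaluate_path(path))
```

Reading a 2-byte path with `asn_size=4` (or the reverse) yields a malformed result or wrong AS numbers, so the encoding must be taken from the session's negotiated capability.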
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized
telephone numbers, and instructions and e-mail addresses for use
in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of malicious exploitation of either of
these vulnerabilities, although we are aware of some customers who
have seen the first vulnerability triggered within their
infrastructures. Further investigation of those incidents seems to
indicate that the vulnerability has been accidentally triggered.
These vulnerabilities were discovered via internal product testing.
Status of this Notice: FINAL
============================
This information is Cisco Highly Confidential - Do not redistribute.
THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED
INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS
LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN
ERRORS OR OMIT IMPORTANT INFORMATION.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-------------------------------------------------------------------+
| Revision 1.0 | 2009-July-29 1600 | Initial public release |
+-------------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
| VAR-200907-0096 | CVE-2009-2049 | Cisco IOS In RFC4893 BGP Service disruption related to routing processing (DoS) Vulnerabilities |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973. Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCta33973. May trigger memory corruption and crash with %%Software-forced reload error.
----------------------------------------------------------------------
1) An unspecified error exists in the processing of BGP update
messages. constructed from more than 1000 autonomous
systems.
SOLUTION:
Update to a fixed version (please see the vendor advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
----------------------------------------------------------------------
Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities
Advisory ID: cisco-sa-20090729-bgp
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Revision: 1.0
=========
For Public Release 2009 July 29 1600 UTC (GMT)
Summary
=======
Recent versions of Cisco IOS Software support RFC4893 ("BGP Support
for Four-octet AS Number Space") and contain two remote denial of
service (DoS) vulnerabilities when handling specific Border Gateway
Protocol (BGP) updates.
These vulnerabilities affect only devices running Cisco IOS Software
with support for four-octet AS number space (hereafter referred to as
4-byte AS number) and BGP routing configured.
The first vulnerability could cause an affected device to reload when
processing a BGP update that contains autonomous system (AS) path
segments made up of more than one thousand autonomous systems.
Cisco has released free software updates to address these
vulnerabilities.
No workarounds are available for the first vulnerability.
A workaround is available for the second vulnerability.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Affected Products
=================
Vulnerable Products
+------------------
These vulnerabilities affect only devices running Cisco IOS and
Cisco IOS XE Software (hereafter both referred to as simply Cisco
IOS) with support for RFC4893 and that have been configured for
BGP routing.
The software table in the section "Software Versions and Fixes" of
this advisory indicates all affected Cisco IOS Software versions that
have support for RFC4893 and are affected by this vulnerability.
A Cisco IOS software version that has support for RFC4893 will allow
configuration of AS numbers using 4 Bytes. The following example
identifies a Cisco device that has 4 byte AS number support:
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#router bgp ?
      <1-65535>    Autonomous system number
      <1.0-XX.YY>  4 Octets Autonomous system number
Or:
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#router bgp ?
      <1-4294967295>  Autonomous system number
      <1.0-XX.YY>     Autonomous system number
The following example identifies a Cisco device that has 2 byte AS
number support:
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#router bgp ?
      <1-65535>  Autonomous system number
A router that is running the BGP process will contain a line in the
configuration that defines the autonomous system number (AS number),
which can be seen by issuing the command line interface (CLI) command
"show running-config".
The canonical textual representation of four byte AS Numbers is
standardized by the IETF through RFC5396 (Textual Representation of
Autonomous System (AS) Numbers). Two major ways for textual
representation have been defined as ASDOT and ASPLAIN. Cisco IOS
routers support both textual representations of AS numbers. For
further information about textual representation of four byte AS
numbers in Cisco IOS Software consult the document "Explaining 4-Byte
Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at
the following link:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html
Cisco IOS Software with support for RFC4893 is affected by both
vulnerabilities if BGP routing is configured using either ASPLAIN or
ASDOT notation.
The following example identifies a Cisco device that is configured
for BGP using ASPLAIN notation:
router bgp 65536
The following example identifies a Cisco device that is configured
for BGP using ASDOT notation:
router bgp 1.0
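The two notations above denote the same 32-bit values. The following added example (not part of the Cisco advisory) normalises the AS numbers found in a configuration to both RFC5396 forms; the function names, the sample configuration and its addresses are constructed for illustration.

```python
import re

# Statements as they appear in "show running-config" output.
ROUTER_BGP_RE = re.compile(r"^\s*router bgp (\S+)\s*$", re.MULTILINE)
NEIGHBOR_RE = re.compile(r"^\s*neighbor (\S+) remote-as (\S+)\s*$", re.MULTILINE)


def parse_asn(text: str) -> int:
    """Convert an ASPLAIN ("65536") or ASDOT/ASDOT+ ("1.0") string to an integer."""
    if re.fullmatch(r"\d+", text):
        value = int(text)
        if value > 0xFFFFFFFF:
            raise ValueError(f"AS number out of 32-bit range: {text}")
        return value
    m = re.fullmatch(r"(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"not an AS number: {text!r}")
    high, low = int(m.group(1)), int(m.group(2))
    if high > 0xFFFF or low > 0xFFFF:
        raise ValueError(f"ASDOT halves must each fit in 16 bits: {text}")
    return (high << 16) | low


def to_asplain(asn: int) -> str:
    """ASPLAIN: the plain decimal value."""
    return str(asn)


def to_asdot(asn: int) -> str:
    """ASDOT: decimal below 65536, otherwise <high 16 bits>.<low 16 bits>."""
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"


def bgp_asns(running_config: str) -> dict:
    """Return the local AS and per-neighbor remote AS as integers."""
    local = ROUTER_BGP_RE.search(running_config)
    if local is None:
        raise ValueError("no 'router bgp' statement: BGP is not configured")
    neighbors = {peer: parse_asn(asn)
                 for peer, asn in NEIGHBOR_RE.findall(running_config)}
    return {"local": parse_asn(local.group(1)), "neighbors": neighbors}


# Constructed sample configuration (documentation addresses, not from the advisory).
SAMPLE_CONFIG = """\
hostname edge-rtr-1
!
router bgp 1.0
 neighbor 192.0.2.1 remote-as 64512
 neighbor 192.0.2.9 remote-as 2.2
!
"""

if __name__ == "__main__":
    result = bgp_asns(SAMPLE_CONFIG)
    print("local AS:", to_asplain(result["local"]), "=", to_asdot(result["local"]))
    for peer, asn in result["neighbors"].items():
        print(peer, to_asplain(asn), "=", to_asdot(asn))
```

The notation in the configuration does not show whether the image supports RFC4893; the `router bgp ?` help output shown earlier does.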
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    !--- output truncated
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:
    Router#show version
    Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 10-Jul-08 20:25 by prod_rel_team
    !--- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link: http://www.cisco.com/warp/public/620/1.html
Products Confirmed Not Vulnerable
+--------------------------------
The following Cisco products are confirmed not vulnerable:
* Cisco IOS Software not explicitly mentioned in this Advisory
* Cisco IOS XR Software
* Cisco IOS NX-OS
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
RFC4271 has defined an AS number as a two-octet entity in BGP.
RFC4893 has defined an AS number as a four-octet entity in BGP.
The first vulnerability could cause an affected device to reload when
processing a BGP update that contains AS path segments made up of more
than one thousand autonomous systems. If an affected 4-byte AS number
BGP speaker receives a BGP update from a 2-byte AS number BGP speaker
that contains AS path segments made up of more than one thousand
autonomous systems, the device may crash with memory corruption, and
the error "%%Software-forced reload" will be displayed.
The following three conditions are required for successful
exploitation of this vulnerability:
* Affected Cisco IOS Software device is a 4-byte AS number BGP
speaker
* BGP peering neighbor is a 2-byte AS number BGP speaker
* BGP peering neighbor is capable of sending a BGP update with a
series of greater than one thousand AS numbers
Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR
Software, as 2-byte AS number BGP speakers, send BGP updates with
a maximum of 255 AS numbers.
The following three conditions are
required for successful exploitation of this vulnerability:
* Affected Cisco IOS Software device is a 4-byte AS number BGP
speaker
* BGP peering neighbor is a 2-byte AS number BGP speaker
* BGP peering neighbor is capable of sending a non-RFC compliant
crafted BGP update message
This vulnerability is documented in Cisco Bug ID CSCta33973 and has
been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2009-2049.
Further information regarding Cisco support for 4-byte AS number is
available in "Cisco IOS BGP 4-Byte ASN Support" at the following
link:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability
CVSS Base Score - 7.1
    Access Vector          - Network
    Access Complexity      - Medium
    Authentication         - None
    Confidentiality Impact - None
    Availability Impact    - Complete
CVSS Temporal Score - 6.7
    Exploitability         - Functional
    Remediation Level      - Official-Fix
    Report Confidence      - Confirmed
CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability
CVSS Base Score - 5.4
    Access Vector          - Network
    Access Complexity      - High
    Authentication         - None
    Confidentiality Impact - None
    Availability Impact    - Complete
CVSS Temporal Score - 4.5
    Exploitability         - Functional
    Remediation Level      - Official-Fix
    Report Confidence      - Confirmed
Impact
======
Successful exploitation of the vulnerabilities described in this
document may result in a reload of the device. Repeated exploitation
could cause an extended DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases which have fixes for all the
published vulnerabilities at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to
be vulnerable. Cisco recommends upgrading to a release equal to or
later than the release in the "Recommended Release" column of the
table.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|----------+--------------------------------------------------------|
| Affected | |Recommended |
|12.0-Based| First Fixed Release | Release |
| Releases | | |
|----------+-------------------------------------------+------------|
|12.0 |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0DA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0DB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0DC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| |Releases up to and including 12.0(32)S11 | |
| |are not vulnerable; first fixed in | |
|12.0S |12.0(32)S14; | |
| | | |
| |Releases up to and including 12.0(33)S2 are| |
| |not vulnerable; first fixed in 12.0(33)S5 | |
|----------+-------------------------------------------+------------|
|12.0SC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0ST |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10|
| |are not vulnerable; first fixed in | |
| |12.0(32)SY9a. | |
|----------+-------------------------------------------+------------|
|12.0SZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0T |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0W |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0WC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0WT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0WX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XI |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XS |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.0XW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| Affected | |Recommended |
|12.1-Based| First Fixed Release | Release |
| Releases | | |
|-------------------------------------------------------------------|
| There are no affected 12.1 based releases |
|-------------------------------------------------------------------|
| Affected | |Recommended |
|12.2-Based| First Fixed Release | Release |
| Releases | | |
|----------+-------------------------------------------+------------|
|12.2 |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2B |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2BZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2CX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2CY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2CZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2DA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2DD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2DX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EWA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2EZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2FX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2FY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2FZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IRA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IRB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IRC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2IXH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2JA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2JK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2MB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2MC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2S |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SBC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SCA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SCB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SED |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SEG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SGA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SO |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SRD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2STE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SVE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SXH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| |Releases up to and including 12.2(33)SXI | |
|12.2SXI |are not vulnerable; CSCsy86021 first fixed | |
| |in 12.2(33)SXI2; CSCta33973 first fixed in | |
| |12.2(33)SXI3 | |
|----------+-------------------------------------------+------------|
|12.2SY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2SZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2T |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2TPC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XI |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XNA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XNB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XNC |12.2(33)XNC2 | |
|----------+-------------------------------------------+------------|
|12.2XND |12.2(33)XND1; available 25th August 2009 | |
|----------+-------------------------------------------+------------|
|12.2XO |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XS |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2XW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YO |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YS |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2YZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZH |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZU |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.2ZYA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| Affected | |Recommended |
|12.3-Based| First Fixed Release | Release |
| Releases | | |
|-------------------------------------------------------------------|
| There are no affected 12.3 based releases |
|-------------------------------------------------------------------|
| Affected | |Recommended |
|12.4-Based| First Fixed Release | Release |
| Releases | | |
|----------+-------------------------------------------+------------|
|12.4 |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JDA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JDC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JDD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JMA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JMB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4JX |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4MD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4MDA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4MR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4SW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
| |Releases up to 12.4(24)T are not | |
|12.4T |vulnerable; first fixed in 12.4(24)T2 | |
| |available on 23-Oct-2009 | |
|----------+-------------------------------------------+------------|
|12.4XA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XC |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XD |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XE |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XF |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XG |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XJ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XK |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XL |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XM |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XN |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XP |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XQ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XR |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XT |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XV |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XW |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XY |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4XZ |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4YA |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4YB |Not Vulnerable | |
|----------+-------------------------------------------+------------|
|12.4YD |Not Vulnerable | |
+-------------------------------------------------------------------+
Cisco IOS XE Release Table
+-------------------------
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|----------+--------------------------------------------------------|
| Affected | |
| 2.1 | There are no affected 2.1 based releases |
| Releases | |
|----------+--------------------------------------------------------|
| Affected | |
| 2.2 | There are no affected 2.2 based releases |
| Releases | |
|----------+--------------------------------------------------------|
| Affected | Releases up to and including 2.3.1t are vulnerable; |
| 2.3 | First fixed in 2.3.2 |
| Releases | |
|----------+--------------------------------------------------------|
| Affected | Releases up to and including 2.4.0 are vulnerable; |
| 2.4 | First fixed in 2.4.1, available 25th August 2009 |
| Releases | |
+----------+--------------------------------------------------------+
Workarounds
===========
For the first vulnerability, there are no workarounds on the affected
device. Neighbors could be configured to discard routes that have
more than one thousand AS numbers in the AS-path segments. This
configuration will help prevent the further propagation of BGP
updates with the AS path segments made up of greater than one
thousand AS numbers.
Note: Configuring "bgp maxas-limit [value]" on the affected device
does not mitigate this vulnerability.
For the second vulnerability, configuring "bgp maxas-limit [value]"
on the affected device does mitigate this vulnerability. Cisco
recommends using a conservative value of 100 to mitigate this
vulnerability.
Consult the document "Protecting Border Gateway Protocol for the
Enterprise" at the following link for additional best practices on
protecting BGP infrastructures:
http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized
telephone numbers, and instructions and e-mail addresses for use
in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of malicious exploitation of either of
these vulnerabilities, although we are aware of some customers who
have seen the first vulnerability triggered within their
infrastructures. Further investigation of those incidents seems to
indicate that the vulnerability has been accidentally triggered.
These vulnerabilities were discovered via internal product testing.
Status of this Notice: FINAL
============================
This information is Cisco Highly Confidential - Do not redistribute.
THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED
INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS
LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN
ERRORS OR OMIT IMPORTANT INFORMATION.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-------------------------------------------------------------------+
| Revision 1.0 | 2009-July-29 1600 | Initial public release |
+-------------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
| VAR-200907-0059 | CVE-2009-1165 | Cisco Wireless LAN Controller Memory leak vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789. The Cisco Wireless LAN Controller used in multiple Cisco products contains a memory leak vulnerability. This issue is tracked as Bug ID CSCsw40789. A third party may cause a denial of service (DoS) via SSH management connections.
An attacker can exploit this issue to trigger an affected device to crash and reload, denying service to legitimate users.
This issue is being tracked by Cisco BugID CSCsw40789.
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20090727-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
Revision 1.0
For Public Release 2009 July 27 1600 UTC (GMT)
---------------------------------------------------------------------
Summary
Multiple vulnerabilities exist in the Cisco Wireless LAN Controller
(WLC) platforms. This security advisory outlines the details of the
following vulnerabilities:
* Malformed HTTP or HTTPS authentication response denial of service
vulnerability
* SSH connections denial of service vulnerability
* Crafted HTTP or HTTPS request denial of service vulnerability
* Crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability
Cisco has released free software updates that address these
vulnerabilities.
* The SSH connections denial of service vulnerability affects
software versions 4.1 and later.
* The crafted HTTP or HTTPS request denial of service vulnerability
affects software versions 4.1 and later.
* The crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability affects software versions 4.1 and
later.
Determination of Software Versions
+---------------------------------
To determine the WLC version that is running in a given environment,
use one of the following methods:
* In the web interface, choose the Monitor tab, click Summary in
the left pane, and note the Software Version field.
Note: Customers who use a WLC Module in an Integrated Services
Router (ISR) will need to issue the service-module
wlan-controller 1/0 session command prior to performing the next
step on the command line. Customers who use a Cisco Catalyst
3750G Switch with an integrated WLC Module will need to issue the
session <Stack-Member-Number> processor 1 session command prior
to performing the next step on the command line.
* From the command-line interface, type show sysinfo and note the
Product Version field, as shown in the following example:
(Cisco Controller) >show sysinfo
Manufacturer's Name.. Cisco Systems Inc.
Product Name......... Cisco Controller
Product Version...... 5.1.151.0
RTOS Version......... Linux-2.6.10_mvl401
Bootloader Version... 4.0.207.0
Build Type........... DATA + WPS
<output suppressed>
Use the show wism module <module number> controller 1 status command
on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a
WiSM. Note the software version as demonstrated in the following
example, which shows version 5.1.151.0.
Router#show wism module 3 controller 1 status
WiSM Controller 1 in Slot 3
Operational Status of the Controller : Oper-Up
Service VLAN                         : 192
Service Port                         : 10
Service Port Mac Address             : 0011.92ff.8742
Service IP Address                   : 192.168.10.1
Management IP Address                : 192.168.1.123
Software Version                     : 5.1.151.0
Port Channel Number                  : 288
Allowed vlan list                    : 30,40
Native VLAN ID                       : 40
WCP Keep Alive Missed                : 0
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Wireless Controller 5500 Series is not affected by these
vulnerabilities.
Details
=======
Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide
wireless LAN functions, such as security policies, intrusion
prevention, RF management, quality of service (QoS), and mobility.
These devices communicate with controller-based access points over
any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the
Lightweight Access Point Protocol (LWAPP).
This security advisory describes multiple distinct vulnerabilities in
the WLC family of devices.
* Malformed HTTP or HTTPS authentication response denial of service
vulnerability
An attacker with access to the administrative web interface via
HTTP or HTTPS may cause the device to reload by providing a
malformed response to an authentication request.
Note: The vulnerability can be exploited only via the
administrative web-based interface; Web Authentication features
are not affected.
This vulnerability is documented in Cisco Bug ID CSCsx03715 and
has been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2009-1164.
* SSH connections denial of service vulnerability
Affected devices may be susceptible to a memory leak when they
handle SSH management connections.
Note: A three-way handshake is not required to exploit this
vulnerability.
This vulnerability is documented in Cisco Bug ID CSCsw40789 and
has been assigned CVE ID CVE-2009-1165.
* Crafted HTTP or HTTPS request denial of service vulnerability
Note: The vulnerability can be exploited only via the
administrative web-based interface; Web Authentication features
are not affected.
This vulnerability is documented in Cisco Bug ID CSCsy27708 and
has been assigned CVE ID CVE-2009-1166.
* Crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability
An unauthorized configuration modification vulnerability exists
in all software versions prior to the first fixed release. A
remote, unauthenticated attacker who can submit HTTP or HTTPS
requests to the WLC directly could gain full control of the
affected device.
Note: The vulnerability can be exploited only by submitting such
a request to an IP address that is bound to an administrative
interface or VLAN.
The vulnerability is documented by Cisco Bug ID CSCsy44672 and has
been assigned CVE ID CVE-2009-1167.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability
+-----------------------------------------------------
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsw40789 - SSH connections denial of service vulnerability
+-----------------------------------------------------
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability
+-----------------------------------------------------
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability
+-----------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the denial of service (DoS)
vulnerabilities may cause the affected device to reload. Repeated
exploitation could result in a sustained DoS condition.
An unauthenticated, remote attacker may be able to use the
unauthorized configuration modification vulnerability to gain full
control over the Wireless LAN Controller if the attacker is able to
submit a crafted request directly to an administrative interface of
the affected device.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
+------------------------------------------------------+
| Vulnerability/ | Affected | First | Recommended |
| Bug ID | Release | Fixed | Release |
| | | Version | |
|----------------+----------+------------+-------------|
| | 4.1 | Not | Not |
| | | Vulnerable | Vulnerable |
| |----------+------------+-------------|
| | 4.1M | Not | Not |
| | | Vulnerable | Vulnerable |
| |----------+------------+-------------|
| | 4.2 | 4.2.205.0 | 4.2.207.0 |
| |----------+------------+-------------|
| Malformed HTTP | 4.2M | Not | Not |
| or HTTPS | | Vulnerable | Vulnerable |
|authentication |----------+------------+-------------|
| response | | Migrate to | 5.2.193.0 |
| denial of | 5.0 | 5.2 or 6.0 | or |
| service | | | 6.0.182.0 |
|vulnerability |----------+------------+-------------|
| (CSCsx03715) | | Migrate to | 5.2.193.0 |
| | 5.1 | 5.2 or 6.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | | | 5.2.193.0 |
| | 5.2 | 5.2.178.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | 6.0 | Not | Not |
| | | Vulnerable | Vulnerable |
|----------------+----------+------------+-------------|
| | 4.1 | Migrate to | 4.2.205.0 |
| | | 4.2 | |
| |----------+------------+-------------|
| | | | 5.2.193.0, |
| | | Migrate to | 6.0.182.0 |
| | 4.1M | 5.2, 6.0, | or |
| | | or 4.2M | 4.2.176.51 |
| | | | Mesh |
| |----------+------------+-------------|
| | 4.2 | 4.2.205.0 | 4.2.207.0 |
| |----------+------------+-------------|
| SSH | 4.2M | Not | Not |
| connections | | Vulnerable | Vulnerable |
|denial of |----------+------------+-------------|
| service | | Migrate to | 5.2.193.0 |
| vulnerability | 5.0 | 5.2 or 6.0 | or |
| (CSCsw40789) | | | 6.0.182.0 |
| |----------+------------+-------------|
| | | | 5.2.193.0 |
| | 5.1 | 5.1.163.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | | | 5.2.193.0 |
| | 5.2 | 5.2.178.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | 6.0 | Not | Not |
| | | Vulnerable | Vulnerable |
|----------------+----------+------------+-------------|
| | 4.1 | Migrate to | 4.2.205.0 |
| | | 4.2 | |
| |----------+------------+-------------|
| | | | 5.2.193.0, |
| | | Migrate to | 6.0.182.0 |
| | 4.1 M | 5.2, 6.0, | or |
| | | or 4.2M | 4.2.176.51 |
| | | | Mesh |
| |----------+------------+-------------|
| | 4.2 | 4.2.205.0 | 4.2.207.0 |
| |----------+------------+-------------|
| Crafted HTTP | 4.2M | Not | Not |
| request may | | Vulnerable | Vulnerable |
|cause the WLC |----------+------------+-------------|
| to crash | | Migrate to | 5.2.193.0 |
| (CSCsy27708) | 5.0 | 5.2 or 6.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | | Migrate to | 5.2.193.0 |
| | 5.1 | 5.2 or 6.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | | | 5.2.193.0 |
| | 5.2 | 5.2.191.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | 6.0 | Not | Not |
| | | Vulnerable | Vulnerable |
|----------------+----------+------------+-------------|
| | 4.1 | Migrate to | 4.2.205.0 |
| | | 4.2 | |
| |----------+------------+-------------|
| | | | 5.2.193.0, |
| | | Migrate to | 6.0.182.0 |
| | 4.1M | 5.2, 6.0, | or |
| | | or 4.2M | 4.2.176.51 |
| | | | Mesh |
| |----------+------------+-------------|
| Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 |
|or HTTPS |----------+------------+-------------|
| request | 4.2M | Not | Not |
| unauthorized | | Vulnerable | Vulnerable |
|configuration |----------+------------+-------------|
| modification | 5.0 | Migrate to | 5.2.193.0, |
| vulnerability | | 5.2 or 6.0 | 6.0.182.0 |
|(CSCsy44672) |----------+------------+-------------|
| | | Migrate to | 5.2.193.0 |
| | 5.1 | 5.2 or 6.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | | | 5.2.193.0 |
| | 5.2 | 5.2.191.0 | or |
| | | | 6.0.182.0 |
| |----------+------------+-------------|
| | 6.0 | Not | Not |
| | | Vulnerable | Vulnerable |
+------------------------------------------------------+
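The version check described above, as an added example (not Cisco's code and not part of the advisory): it reads the Product Version field from show sysinfo output and compares it with the first-fixed releases transcribed from the table above. The function and constant names are hypothetical, and the mesh trains (4.1M, 4.2M) are left out on the assumption that the numeric version alone does not identify a mesh image.

```python
import re

NOT_VULNERABLE = "not vulnerable"
MIGRATE = "vulnerable: no fixed release in this train, migrate"

# First-fixed releases per bug and release train, transcribed from the
# "Software Versions and Fixes" table in the advisory (non-mesh trains only).
_HTTP_CRAFTED = {
    "4.1": MIGRATE, "4.2": (4, 2, 205, 0), "5.0": MIGRATE,
    "5.1": MIGRATE, "5.2": (5, 2, 191, 0), "6.0": NOT_VULNERABLE,
}
FIRST_FIXED = {
    "CSCsx03715": {
        "4.1": NOT_VULNERABLE, "4.2": (4, 2, 205, 0), "5.0": MIGRATE,
        "5.1": MIGRATE, "5.2": (5, 2, 178, 0), "6.0": NOT_VULNERABLE,
    },
    "CSCsw40789": {
        "4.1": MIGRATE, "4.2": (4, 2, 205, 0), "5.0": MIGRATE,
        "5.1": (5, 1, 163, 0), "5.2": (5, 2, 178, 0), "6.0": NOT_VULNERABLE,
    },
    "CSCsy27708": dict(_HTTP_CRAFTED),
    "CSCsy44672": dict(_HTTP_CRAFTED),
}

# "Product Version...... 5.1.151.0" -> "5.1.151.0"
_VERSION_RE = re.compile(
    r"^\s*Product Version\.*\s*(\d+(?:\.\d+){3})\s*$", re.MULTILINE
)

# The show sysinfo example output quoted in the advisory.
SAMPLE_SYSINFO = """\
(Cisco Controller) >show sysinfo
Manufacturer's Name.. Cisco Systems Inc.
Product Name......... Cisco Controller
Product Version...... 5.1.151.0
RTOS Version......... Linux-2.6.10_mvl401
Bootloader Version... 4.0.207.0
Build Type........... DATA + WPS
"""


def parse_product_version(sysinfo_text):
    """Return the Product Version as a tuple of four ints."""
    match = _VERSION_RE.search(sysinfo_text)
    if match is None:
        # Truncated or pasted-over output must not be read as "not vulnerable".
        raise ValueError("no Product Version field in show sysinfo output")
    return tuple(int(part) for part in match.group(1).split("."))


def assess(version):
    """Map each bug ID to a status string for the given version tuple."""
    train = "%d.%d" % version[:2]
    report = {}
    for bug, trains in FIRST_FIXED.items():
        entry = trains.get(train)
        if entry is None:
            report[bug] = "unknown: train %s is not listed in the advisory" % train
        elif isinstance(entry, str):
            report[bug] = entry
        elif version < entry:
            # Tuple comparison orders 5.1.151.0 before 5.1.163.0 numerically.
            fixed = ".".join(str(part) for part in entry)
            report[bug] = "vulnerable: first fixed in " + fixed
        else:
            report[bug] = "fixed"
    return report


if __name__ == "__main__":
    running = parse_product_version(SAMPLE_SYSINFO)
    for bug, status in sorted(assess(running).items()):
        print(bug, "-", status)
```

A "fixed" result only means the running release is at or past the first fixed release for that bug; the Recommended Release column in the table is the upgrade target.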
Workarounds
===========
The SSH connections denial of service vulnerability identified by
Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the
affected device. This workaround requires subsequent management of
the device to be performed using the HTTP/HTTPS web management
interface or the serial console of the device.
Additional mitigations that can be deployed on Cisco devices in the
network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing, or
otherwise using such software upgrades, customers agree to be bound by
the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory at the time of
release.
The DoS vulnerability documented by CSCsw40789 was discovered during
the resolution of customer support cases.
The unauthorized configuration modification vulnerability documented
by CSCsy44672 was found during internal testing.
The DoS vulnerability documented by CSCsx03715 was discovered by
Christoph Bott of SySS GmbH.
The DoS vulnerability documented by CSCsy27708 was discovered by IBM
Research.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-July-27 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All rights reserved.
| VAR-200907-0061 | CVE-2009-1167 | Cisco Wireless LAN Controller Vulnerabilities whose settings are changed |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672. The Cisco Wireless LAN Controller (WLC) used in multiple Cisco products contains a vulnerability that allows its settings to be changed. This issue is tracked as Bug ID CSCsy44672. A third party may change settings via a crafted HTTP or HTTPS request.
Successful exploits may allow attackers to modify configuration settings, which may compromise the affected device or aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCsy44672.
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20090727-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
Revision 1.0
For Public Release 2009 July 27 1600 UTC (GMT)
---------------------------------------------------------------------
Summary
Multiple vulnerabilities exist in the Cisco Wireless LAN Controller
(WLC) platforms. This security advisory outlines the details of the
following vulnerabilities:
* Malformed HTTP or HTTPS authentication response denial of service
vulnerability
* SSH connections denial of service vulnerability
* Crafted HTTP or HTTPS request denial of service vulnerability
* Crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability
Cisco has released free software updates that address these
vulnerabilities.
* The SSH connections denial of service vulnerability affects
software versions 4.1 and later.
Determination of Software Versions
+---------------------------------
To determine the WLC version that is running in a given environment,
use one of the following methods:
* In the web interface, choose the Monitor tab, click Summary in
the left pane, and note the Software Version field.
Note: Customers who use a WLC Module in an Integrated Services
Router (ISR) will need to issue the service-module
wlan-controller 1/0 session command prior to performing the next
step on the command line. Customers who use a Cisco Catalyst
3750G Switch with an integrated WLC Module will need to issue the
session <Stack-Member-Number> processor 1 session command prior
to performing the next step on the command line.
* From the command-line interface, type show sysinfo and note the
Product Version field, as shown in the following example:
(Cisco Controller) >show sysinfo
Manufacturer's Name.. Cisco Systems Inc.
Product Name......... 5.1.151.0
RTOS Version......... Linux-2.6.10_mvl401
Bootloader Version... 4.0.207.0
Build Type........... DATA + WPS
<output suppressed>
Use the show wism module <module number> controller 1 status command
on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a
WiSM. Note the software version as demonstrated in the following
example, which shows version 5.1.151.0.
Router#show wism module 3 controller 1 status
WiSM Controller 1 in Slot 3
Operational Status of the Controller : Oper-Up
Service VLAN                         : 192
Service Port                         : 10
Service Port Mac Address             : 0011.92ff.8742
Service IP Address                   : 192.168.10.1
Management IP Address                : 192.168.1.123
Software Version                     : 5.1.151.0
Port Channel Number                  : 288
Allowed vlan list                    : 30,40
Native VLAN ID                       : 40
WCP Keep Alive Missed                : 0
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Wireless Controller 5500 Series is not affected by these
vulnerabilities.
Details
=======
Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide
wireless LAN functions, such as security policies, intrusion
prevention, RF management, quality of service (QoS), and mobility.
These devices communicate with controller-based access points over
any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the
Lightweight Access Point Protocol (LWAPP).
This security advisory describes multiple distinct vulnerabilities in
the WLC family of devices.
* Malformed HTTP or HTTPS authentication response denial of service
vulnerability
An attacker with access to the administrative web interface via
HTTP or HTTPS may cause the device to reload by providing a
malformed response to an authentication request.
Note: The vulnerability can be exploited only via the
administrative web-based interface; Web Authentication features
are not affected.
* SSH connections denial of service vulnerability
Affected devices may be susceptible to a memory leak when they
handle SSH management connections. An attacker could use this
behavior to cause an affected device to crash and reload.
Note: A three-way handshake is not required to exploit this
vulnerability.
Note: The vulnerability can be exploited only via the
administrative web-based interface; Web Authentication features
are not affected.
* Crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability
An unauthorized configuration modification vulnerability exists
in all software versions prior to the first fixed release. A
remote, unauthenticated attacker who can submit HTTP or HTTPS
requests to the WLC directly could gain full control of the
affected device.
Note: The vulnerability can be exploited only by submitting such
a request to an IP address that is bound to an administrative
interface or VLAN.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability
+-----------------------------------------------------
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsw40789 - SSH connections denial of service vulnerability
+-----------------------------------------------------
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability
+-----------------------------------------------------
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability
+-----------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
=====
Successful exploitation of the denial of service (DoS)
vulnerabilities may cause the affected device to reload. Repeated
exploitation could result in a sustained DoS condition.
An unauthenticated, remote attacker may be able to use the
unauthorized configuration modification vulnerability to gain full
control over the Wireless LAN Controller if the attacker is able to
submit a crafted request directly to an administrative interface of
the affected device.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Malformed HTTP or HTTPS authentication response denial of service vulnerability (CSCsx03715)
+------------------+------------------------------+-----------------------------------------+
| Affected Release | First Fixed Version          | Recommended Release                     |
+------------------+------------------------------+-----------------------------------------+
| 4.1              | Not Vulnerable               | Not Vulnerable                          |
| 4.1M             | Not Vulnerable               | Not Vulnerable                          |
| 4.2              | 4.2.205.0                    | 4.2.207.0                               |
| 4.2M             | Not Vulnerable               | Not Vulnerable                          |
| 5.0              | Migrate to 5.2 or 6.0        | 5.2.193.0 or 6.0.182.0                  |
| 5.1              | Migrate to 5.2 or 6.0        | 5.2.193.0 or 6.0.182.0                  |
| 5.2              | 5.2.178.0                    | 5.2.193.0 or 6.0.182.0                  |
| 6.0              | Not Vulnerable               | Not Vulnerable                          |
+------------------+------------------------------+-----------------------------------------+
SSH connections denial of service vulnerability (CSCsw40789)
+------------------+------------------------------+-----------------------------------------+
| Affected Release | First Fixed Version          | Recommended Release                     |
+------------------+------------------------------+-----------------------------------------+
| 4.1              | Migrate to 4.2               | 4.2.205.0                               |
| 4.1M             | Migrate to 5.2, 6.0, or 4.2M | 5.2.193.0, 6.0.182.0 or 4.2.176.51 Mesh |
| 4.2              | 4.2.205.0                    | 4.2.207.0                               |
| 4.2M             | Not Vulnerable               | Not Vulnerable                          |
| 5.0              | Migrate to 5.2 or 6.0        | 5.2.193.0 or 6.0.182.0                  |
| 5.1              | 5.1.163.0                    | 5.2.193.0 or 6.0.182.0                  |
| 5.2              | 5.2.178.0                    | 5.2.193.0 or 6.0.182.0                  |
| 6.0              | Not Vulnerable               | Not Vulnerable                          |
+------------------+------------------------------+-----------------------------------------+
Crafted HTTP request may cause the WLC to crash (CSCsy27708)
+------------------+------------------------------+-----------------------------------------+
| Affected Release | First Fixed Version          | Recommended Release                     |
+------------------+------------------------------+-----------------------------------------+
| 4.1              | Migrate to 4.2               | 4.2.205.0                               |
| 4.1M             | Migrate to 5.2, 6.0, or 4.2M | 5.2.193.0, 6.0.182.0 or 4.2.176.51 Mesh |
| 4.2              | 4.2.205.0                    | 4.2.207.0                               |
| 4.2M             | Not Vulnerable               | Not Vulnerable                          |
| 5.0              | Migrate to 5.2 or 6.0        | 5.2.193.0 or 6.0.182.0                  |
| 5.1              | Migrate to 5.2 or 6.0        | 5.2.193.0 or 6.0.182.0                  |
| 5.2              | 5.2.191.0                    | 5.2.193.0 or 6.0.182.0                  |
| 6.0              | Not Vulnerable               | Not Vulnerable                          |
+------------------+------------------------------+-----------------------------------------+
Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability (CSCsy44672)
+------------------+------------------------------+-----------------------------------------+
| Affected Release | First Fixed Version          | Recommended Release                     |
+------------------+------------------------------+-----------------------------------------+
| 4.1              | Migrate to 4.2               | 4.2.205.0                               |
| 4.1M             | Migrate to 5.2, 6.0, or 4.2M | 5.2.193.0, 6.0.182.0 or 4.2.176.51 Mesh |
| 4.2              | 4.2.205.0                    | 4.2.207.0                               |
| 4.2M             | Not Vulnerable               | Not Vulnerable                          |
| 5.0              | Migrate to 5.2 or 6.0        | 5.2.193.0, 6.0.182.0                    |
| 5.1              | Migrate to 5.2 or 6.0        | 5.2.193.0 or 6.0.182.0                  |
| 5.2              | 5.2.191.0                    | 5.2.193.0 or 6.0.182.0                  |
| 6.0              | Not Vulnerable               | Not Vulnerable                          |
+------------------+------------------------------+-----------------------------------------+
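An added example, not part of Cisco's advisory: a triage helper that takes the version reported by show sysinfo or show wism and checks it against the first-fixed builds in the table above. The sample CLI output is constructed, and the Mesh trains (4.1M, 4.2M) are left out because the page does not show how their version strings differ, so check those against the table by hand.

```python
import re

# First-fixed builds per release train, transcribed from the advisory's
# "Software Versions and Fixes" table (non-Mesh trains only).
NV = "not vulnerable"                       # table cell "Not Vulnerable"
MIGRATE = "vulnerable, no fix in this train (migrate)"
FIXES = {
    "CSCsx03715": {"4.1": NV, "4.2": "4.2.205.0", "5.0": MIGRATE,
                   "5.1": MIGRATE, "5.2": "5.2.178.0", "6.0": NV},
    "CSCsw40789": {"4.1": MIGRATE, "4.2": "4.2.205.0", "5.0": MIGRATE,
                   "5.1": "5.1.163.0", "5.2": "5.2.178.0", "6.0": NV},
    "CSCsy27708": {"4.1": MIGRATE, "4.2": "4.2.205.0", "5.0": MIGRATE,
                   "5.1": MIGRATE, "5.2": "5.2.191.0", "6.0": NV},
    "CSCsy44672": {"4.1": MIGRATE, "4.2": "4.2.205.0", "5.0": MIGRATE,
                   "5.1": MIGRATE, "5.2": "5.2.191.0", "6.0": NV},
}

# Constructed sample of "show sysinfo" output; the field name follows the
# advisory text ("Product Version"), the dot padding is an assumption.
SAMPLE_SYSINFO = """(Cisco Controller) >show sysinfo
Manufacturer's Name.............. Cisco Systems Inc.
Product Version.................. 5.1.151.0
Bootloader Version............... 4.0.207.0
"""

# Accepts dot padding, a colon, or a line break between label and value.
VERSION_RE = re.compile(r"(?:Product|Software) Version[\s.:]*(\d+(?:\.\d+){3})")


def to_tuple(version):
    """'5.1.151.0' -> (5, 1, 151, 0) so builds compare numerically."""
    return tuple(int(part) for part in version.split("."))


def parse_version(cli_output):
    """Pull the running version out of show sysinfo / show wism output."""
    match = VERSION_RE.search(cli_output)
    if match is None:
        raise ValueError("no Product Version / Software Version field found")
    return match.group(1)


def assess(version):
    """Return {bug_id: status} for one four-part WLC version string."""
    build = to_tuple(version)
    train = "%d.%d" % build[:2]
    report = {}
    for bug_id, table in FIXES.items():
        fixed = table.get(train)
        if fixed is None:
            report[bug_id] = "train not listed in the advisory"
        elif fixed in (NV, MIGRATE):
            report[bug_id] = fixed
        elif build < to_tuple(fixed):
            report[bug_id] = "vulnerable, first fixed in " + fixed
        else:
            report[bug_id] = "fixed"
    return report
```

A Mesh build passed to assess() is judged against the non-Mesh train with the same leading digits, so treat its result as unverified.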
Workarounds
===========
The SSH connections denial of service vulnerability identified by
Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the
affected device. This workaround requires subsequent management of
the device to be performed using the HTTP/HTTPS web management
interface or the serial console of the device.
Additional mitigations that can be deployed on Cisco devices in the
network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing, or
otherwise using such software upgrades, customers agree to be bound by
the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
================================
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory at the time of
release.
The DoS vulnerability documented by CSCsw40789 was discovered during
the resolution of customer support cases.
The unauthorized configuration modification vulnerability documented
by CSCsy44672 was found during internal testing.
The DoS vulnerability documented by CSCsx03715 was discovered by
Christoph Bott of SySS GmbH.
The DoS vulnerability documented by CSCsy27708 was discovered by IBM
Research.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+--------------+--------------+-------------------------+
| Revision 1.0 | 2009-July-27 | Initial public release. |
+--------------+--------------+-------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
© 2008 - 2009 Cisco Systems, Inc. All rights reserved.