VARIoT IoT vulnerabilities database

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: PHP-Nuke "modules/Search/index.php" SQL Injection SECUNIA ADVISORY ID: SA28624 VERIFY ADVISORY: http://secunia.com/advisories/28624/ CRITICAL: Moderately critical IMPACT: Manipulation of data, Exposure of sensitive information WHERE: >From remote SOFTWARE: PHP-Nuke 8.x http://secunia.com/product/13524/ DESCRIPTION: Foster & 1dt.w0lf have discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows e.g. retrieving the administrator password hash, but requires that "magic_quotes_gpc" is disabled - not the value recommended by the installer - and having knowledge of the database table prefix. The vulnerability is confirmed in version 8.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Set "magic_quotes_gpc" in php.ini to On. Use another product. PROVIDED AND/OR DISCOVERED BY: Foster & 1dt.w0lf ORIGINAL ADVISORY: http://milw0rm.com/exploits/4965 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request. Remote attackers can exploit these issues to deny service to legitimate users. Currently, very little is known about these issues. We will update this BID as more information emerges. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Some errors within the HTTP Server can be exploited to cause a DoS or to conduct cross-site scripting attacks. For more information: SA26273 SA26636 2) An unspecified error when receiving certain requests can be exploited to cause a DoS. This affects Windows systems with the following urgent corrections applied. * TP08940 * TP38940 3) An unspecified error when using SSL can be exploited to cause a DoS. This affects Solaris systems with the following urgent corrections applied. * T023AS-03 Please see the vendor advisory for a list of affected products. SOLUTION: The vendor has released patches for certain versions. Please see vendor advisory for a patch matrix. PROVIDED AND/OR DISCOVERED BY: 2, 3) Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html OTHER REFERENCES: SA26273: http://secunia.com/advisories/26273/ SA26636: http://secunia.com/advisories/26636/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL. Remote attackers can exploit these issues to deny service to legitimate users. Currently, very little is known about these issues. We will update this BID as more information emerges. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Some errors within the HTTP Server can be exploited to cause a DoS or to conduct cross-site scripting attacks. For more information: SA26273 SA26636 2) An unspecified error when receiving certain requests can be exploited to cause a DoS. This affects Windows systems with the following urgent corrections applied. * TP08940 * TP38940 3) An unspecified error when using SSL can be exploited to cause a DoS. This affects Solaris systems with the following urgent corrections applied. * T023AS-03 Please see the vendor advisory for a list of affected products. SOLUTION: The vendor has released patches for certain versions. Please see vendor advisory for a patch matrix. PROVIDED AND/OR DISCOVERED BY: 2, 3) Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html OTHER REFERENCES: SA26273: http://secunia.com/advisories/26273/ SA26636: http://secunia.com/advisories/26636/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible. The issue affects firmware version 3.01.53; other versions may also be vulnerable. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. The vulnerability is caused due to missing authentication checks when accessing the SaveCfgFile.cgi script, which can be exploited to disclose sensitive information like the router's password. Note: If remote management is enabled, this can also be exploited from people outside the local network. SOLUTION: Restrict access to the device or use it in trusted network environments only. Reportedly, the vendor is working on a fix. A fixed beta version should be available soon, a final version is planned to be released before end of February. PROVIDED AND/OR DISCOVERED BY: DarkFig ORIGINAL ADVISORY: http://milw0rm.com/exploits/4941 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters. Alice Gate2 Plus Wi-Fi routers are prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to alter administrative configuration on affected devices. Specifically, altering the wireless encryption settings on devices has been demonstrated. Other attacks may also be possible. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. The vulnerability is caused due to the device allowing users to perform certain actions via HTTP requests, without checking the validity of the request or proper authentication of the user sending the request. This can be exploited by malicious people to e.g. disable the encryption of the wireless network by tricking a user into visiting a malicious site. SOLUTION: Visit trusted sites only. Use a firewall to restrict access to the affected device. PROVIDED AND/OR DISCOVERED BY: WarGame/DoomRiderz ORIGINAL ADVISORY: http://vx.netlux.org/wargamevx/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. The OKI C5510MFP Printer is prone to an unauthorized-access vulnerability because it obtains configuration details and administrator passwords in an insecure manner. An attacker can exploit this issue to set arbitrary printer configuration settings and administrative passwords. The impact of a successful exploit will vary depending on the settings reconfigured. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: OKI C5510MFP Configuration Interface Security Issues SECUNIA ADVISORY ID: SA28553 VERIFY ADVISORY: http://secunia.com/advisories/28553/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: OKI C5550MFP http://secunia.com/product/17253/ DESCRIPTION: Compass Security AG has reported two security issues in OKI C5510MFP, which can be exploited by malicious people to disclose sensitive information and to bypass certain security restrictions. 1) A security issue is caused due to the configuration of the printer being sent in clear text when connecting to TCP ports 5548 or 7777. This can be exploited to obtain the administration password by connecting to the affected ports. 2) The problem is that the password can be reset without authentication. This can be exploited to gain access to the configuration interface. Other versions may also be affected. SOLUTION: Restrict network access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Compass Security AG ORIGINAL ADVISORY: http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. An attacker can exploit this issue to set arbitrary printer configuration settings and administrative passwords. The impact of a successful exploit will vary depending on the settings reconfigured. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: OKI C5510MFP Configuration Interface Security Issues SECUNIA ADVISORY ID: SA28553 VERIFY ADVISORY: http://secunia.com/advisories/28553/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: OKI C5550MFP http://secunia.com/product/17253/ DESCRIPTION: Compass Security AG has reported two security issues in OKI C5510MFP, which can be exploited by malicious people to disclose sensitive information and to bypass certain security restrictions. 1) A security issue is caused due to the configuration of the printer being sent in clear text when connecting to TCP ports 5548 or 7777. This can be exploited to obtain the administration password by connecting to the affected ports. 2) The problem is that the password can be reset without authentication. This can be exploited to gain access to the configuration interface. Other versions may also be affected. SOLUTION: Restrict network access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Compass Security AG ORIGINAL ADVISORY: http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. MiniWeb is prone to a directory-traversal vulnerability and a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to gain access to files outside the webroot, execute arbitrary code within the context of the affected application, or crash the application. This issue affects MiniWeb 0.8.19; other versions may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: MiniWeb HTTP Server Buffer Overflow and Directory Traversal SECUNIA ADVISORY ID: SA28512 VERIFY ADVISORY: http://secunia.com/advisories/28512/ CRITICAL: Highly critical IMPACT: Exposure of system information, Exposure of sensitive information, DoS, System access WHERE: >From remote SOFTWARE: MiniWeb HTTP Server 0.x http://secunia.com/product/14459/ DESCRIPTION: Hamid Ebadi has discovered two vulnerabilities in MiniWeb HTTP Server, which can be exploited by malicious people to disclose sensitive information, to cause a DoS (Denial of Service), or to potentially compromise a vulnerable system. 1) A boundary error exists within the "_mwProcessReadSocket()" function in http.c. This can be exploited to cause a heap-based buffer overflow via a URL that is 3600-4000 characters long. Successful exploitation of this vulnerability allows performing a DoS (Denial of Service) or the potential execution of arbitrary code. 2) Input passed in the URL to the "mwGetLocalFileName()" function in http.c is not properly sanitised before being used. This can be exploited to display arbitrary files with directory traversal attacks of the form ".%2e/.%2e/" or "%2e%2e/%2e%2e/". The vulnerabilities are confirmed in version 0.8.19. SOLUTION: Restrict access to the web service. Use another product. PROVIDED AND/OR DISCOVERED BY: Hamid Ebadi ORIGINAL ADVISORY: http://www.bugtraq.ir/adv/miniweb_english.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI. MiniWeb is prone to a directory-traversal vulnerability and a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to gain access to files outside the webroot, execute arbitrary code within the context of the affected application, or crash the application. This issue affects MiniWeb 0.8.19; other versions may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: MiniWeb HTTP Server Buffer Overflow and Directory Traversal SECUNIA ADVISORY ID: SA28512 VERIFY ADVISORY: http://secunia.com/advisories/28512/ CRITICAL: Highly critical IMPACT: Exposure of system information, Exposure of sensitive information, DoS, System access WHERE: >From remote SOFTWARE: MiniWeb HTTP Server 0.x http://secunia.com/product/14459/ DESCRIPTION: Hamid Ebadi has discovered two vulnerabilities in MiniWeb HTTP Server, which can be exploited by malicious people to disclose sensitive information, to cause a DoS (Denial of Service), or to potentially compromise a vulnerable system. 1) A boundary error exists within the "_mwProcessReadSocket()" function in http.c. Successful exploitation of this vulnerability allows performing a DoS (Denial of Service) or the potential execution of arbitrary code. 2) Input passed in the URL to the "mwGetLocalFileName()" function in http.c is not properly sanitised before being used. This can be exploited to display arbitrary files with directory traversal attacks of the form ".%2e/.%2e/" or "%2e%2e/%2e%2e/". The vulnerabilities are confirmed in version 0.8.19. SOLUTION: Restrict access to the web service. Use another product. PROVIDED AND/OR DISCOVERED BY: Hamid Ebadi ORIGINAL ADVISORY: http://www.bugtraq.ir/adv/miniweb_english.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. Cisco Unified Communications Manager (CUCM) and CallManager Contains a heap overflow vulnerability. Attackers can exploit this issue to execute arbitrary code or to cause denial-of-service conditions. Authentication is not required to exploit this vulnerability. The service operates over a SSL encrypted transport. Due to a logic flaw in the way data is received in a loop a heap allocation can be arbitrarily overflown resulting in the control of subsequent heap chunks. The vulnerability is due to a loop that occurs during receive of socket data. An initial buffer is allocated at 0x19000 bytes, as can bee seen here. .text:00406077 191A8 68+ push 19000h ; size_t .text:0040607C 191AC FF+ call ds:__imp_malloc .text:00406082 191AC 83+ add esp, 10h .text:00406085 1919C 89+ mov [edi+14h], eax .text:00406088 1919C 85+ test eax, eax .text:0040608A 1919C 0F+ jz loc_406238 Once allocated data is read in 0x19000 chunks. If more than 0x4000 bytes of data are left on the socket we loop again as can be seen here. .text:004060A5 191AC FF+ push dword ptr [ebp-14h] ; size_t .text:004060A8 191B0 8D+ lea eax, [ebp-1919Ch] .text:004060AE 191B0 50 push eax ; void * .text:004060AF 191B4 8B+ mov eax, [edi+14h] .text:004060B2 191B4 03+ add eax, [ebp-1Ch] .text:004060B5 191B4 50 push eax ; void * .text:004060B6 191B8 E8+ call memcpy .text:004060B6 191B8 2F+ .text:004060BB 191B8 B8+ mov eax, 16384 .text:004060C0 191B8 83+ add esp, 1Ch .text:004060C3 1919C 39+ cmp [ebp-14h], eax .text:004060C6 1919C 75+ jnz short loc_4060F8 .text:004060C8 1919C 50 push eax ; int .text:004060C9 191A0 68+ push offset str__ErrDExceeds16k ; 'err %d exceeds 16K' .text:004060CE 191A4 8D+ lea eax, [ebp-88h] .text:004060D4 191A4 68+ push 80000h ; int .text:004060D9 191A8 50 push eax ; int .text:004060DA 191AC E8+ call log_message .text:004060DA 191AC B7+ .text:004060DF 191AC 83+ add esp, 10h .text:004060E2 1919C 81+ add dword ptr [ebp-1Ch], 4000h .text:004060E9 1919C 68+ push offset str__MaybeThereIsMoreData__readAgain ; "Maybe there is more data..Read again" .text:004060EE 191A0 68+ push 10000h .text:004060F3 191A4 E9+ jmp loc_405FFF This will continue until heap chunks are overwritten at the users control, which can be exploited to overwrite memory and further lead to arbitrary code execution. -- Vendor Response: http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml -- Disclosure Timeline: 2007.06.04 - Vulnerability reported to vendor 2008.01.16 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by Cody Pierce - TippingPoint DVLabs. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Successful exploitation allows execution of arbitrary code. CUCM 4.0: Update to a fixed version of CUCM 4.1 or later. CUCM 4.1: Update to CUCM 4.1(3)SR5c, CUCM 4.1(3)SR6, or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-41?psrtdcat20e2 CUCM 4.2: Update to CUCM 4.2(3)SR3 or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-42?psrtdcat20e2 CUCM 4.3: Update to CUCM 4.3(1)SR1, CUCM 4.3(1)SR1a, or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-43?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: Cody Pierce, TippingPoint DVLabs ORIGINAL ADVISORY: TPTI-08-02: http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 Cisco (100345): http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. There is a workaround for this vulnerability. Cisco has made free software available to address these vulnerabilities for affected customers. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0027 has been assigned to this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml. CUCM Versions 3.3, 4.0, 4.1 and 5.0 retain the Cisco Unified CallManager name. Products Confirmed Not Vulnerable +-------------------------------- CUCM Versions 3.3, 5.0, 5.1, 6.0, 6.1 and Cisco CallManager Express are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details ======= Cisco Unified Communications Manager (CUCM) is the call processing component of the Cisco IP telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. The CTL contains public keys and other information to allow the Cisco IP Phone devices to establish a trusted relationship with a CUCM server. The CTL is provisioned using the CTL Provider service on a CUCM server and with the CTL Provider client on an administrator workstation. The CTL Provider service needs to be enabled during the initial configuration of a CUCM server /cluster or when changes are required to the CTL. Please consult the Workarounds section of this advisory for information on how to determine if the CTL Provider service is enabled on a CUCM server. The CTL Provider service listens on TCP port 2444 by default, but the port can be modified by the user. This issue is documented in Cisco Bug ID CSCsj22605. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS Version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsj22605 - CUCM CTL Provider Heap Overflow Vulnerability CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of this vulnerability may result in a DoS condition or the execution of arbitrary code. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== It is possible to workaround the vulnerability by disabling the CTL Provider service when not in use. Access to the CTL Provider service is required for the initial configuration of the CUCM authentication and encryption features, or during configuration updates. For the CUCM 4.x systems, please consult the following documentation for details on how to disable the CUCM services: http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a008070ec49.html Filtering traffic to the affected CUCM systems on screening devices can be used as a mitigation technique for this vulnerability. To mitigate the CTL Producer service overflow, access to TCP port 2444 should be permitted only between the CUCM servers and administrator workstations running the CTL Provider client. There is currently no supported method to configure filtering directly on a CUCM system. It is possible to change the default ports of the CTL Provider (TCP port 2444) service. If changed, filtering should be based on the port value used. The value of the port can be viewed in CUCM Administration interface by following the System > Service Parameters menu and selecting the CTL Provider service. Filters blocking access to TCP port 2444 should be deployed at the network edge as part of a transit access control list (tACL). Further information about transit access control lists is available in the white paper "Transit Access Control Lists: Filtering at Your Edge," which is available at the following link: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20080116-cucmctl.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Fixed software for CUCM can be obtained here: +-------------------------------------------------+ | CUCM | Fixed | Recommended | Download | | Version | Release | Release | Location | |---------+---------+-------------+---------------| | | | Upgrade to | | | CUCM | | a fixed | | | 4.0 | N/A | Version of | N/A | | | | CUCM 4.1 or | | | | | later | | |---------+---------+-------------+---------------| | | | | http:// | | | CUCM | CUCM 4.1(3) | www.cisco.com | | CUCM | 4.1(3) | SR6 or | /pcgi-bin/ | | 4.1 | SR5c | later | tablebuild.pl | | | | | /callmgr-41? | | | | | psrtdcat20e2 | |---------+---------+-------------+---------------| | | | | http:// | | | CUCM | CUCM 4.2(3) | www.cisco.com | | CUCM | 4.2(3) | SR3 or | /pcgi-bin/ | | 4.2 | SR3 | later | tablebuild.pl | | | | | /callmgr-42? | | | | | psrtdcat20e2 | |---------+---------+-------------+---------------| | | | | http:// | | | CUCM | CUCM 4.3(1) | www.cisco.com | | CUCM | 4.3(1) | SR1a or | /pcgi-bin/ | | 4.3 | SR1 | later | tablebuild.pl | | | | | /callmgr-43? | | | | | psrtdcat20e2 | +-------------------------------------------------+ Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by TippingPoint. Cisco would like to thank TippingPoint for reporting this vulnerability and working with us towards resolution of this problem. Status of This Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml. In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2008-January-16 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkeOKKYACgkQ86n/Gc8U/uDywwCfVk/A68YckSgZ070lK8aW10By djAAnR/h+tI2S3/7csJyQHrHeZ7Nrhbz =h46X -----END PGP SIGNATURE-----

Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. Successfully exploiting this issue allows local attackers to crash affected computers, denying further service to legitimate users. This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver may also be affected. Cisco VPN Client is a set of cross-platform VPN client software from Cisco. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. This can be exploited to cause a memory corruption within kernel space by sending specially crafted IOCTLs to the affected driver, resulting in a system crash. The vulnerability is reported in CVPNDRVA.sys version 5.0.02.0090. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: mu-b, Digit-Labs ORIGINAL ADVISORY: http://milw0rm.com/exploits/4911 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Launch Services, Mail, NFS, Parental Controls, and Terminal. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. 2) A weakness exists due to Launch Services allowing users to start uninstalled applications from a Time Machine Backup. 3) An error in the handling of file:// URLs in Mail can be exploited to execute arbitrary applications without warning when a user is enticed to click on a URL within a message. 4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code. 5) The problem is that Parental Controls contacts www.apple.com when a site is unblocked and allows for detection of computers running Parental Controls. 6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system. For more information: SA27760 7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page. 8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied. Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430 OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/ SA27760: http://secunia.com/advisories/27760/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Launch Services, Mail, NFS, Parental Controls, and Terminal. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. 2) A weakness exists due to Launch Services allowing users to start uninstalled applications from a Time Machine Backup. 3) An error in the handling of file:// URLs in Mail can be exploited to execute arbitrary applications without warning when a user is enticed to click on a URL within a message. 4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code. 6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system. For more information: SA27760 7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page. 8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied. Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430 OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/ SA27760: http://secunia.com/advisories/27760/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. 2) A weakness exists due to Launch Services allowing users to start uninstalled applications from a Time Machine Backup. 4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code. 5) The problem is that Parental Controls contacts www.apple.com when a site is unblocked and allows for detection of computers running Parental Controls. 6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system. For more information: SA27760 7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page. 8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied. Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430 OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/ SA27760: http://secunia.com/advisories/27760/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Launch Services, Mail, NFS, Parental Controls, and Terminal. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. If the system is used as an NFS client or server, a malicious NFS server or client can cause the system to shut down unexpectedly or execute arbitrary commands. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. 2) A weakness exists due to Launch Services allowing users to start uninstalled applications from a Time Machine Backup. 3) An error in the handling of file:// URLs in Mail can be exploited to execute arbitrary applications without warning when a user is enticed to click on a URL within a message. 4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code. 5) The problem is that Parental Controls contacts www.apple.com when a site is unblocked and allows for detection of computers running Parental Controls. 6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system. For more information: SA27760 7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page. 8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied. Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430 OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/ SA27760: http://secunia.com/advisories/27760/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Launch Services, Mail, NFS, Parental Controls, and Terminal. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. Apple Mac Operating System X 10.5 to 10.5.1, its Launch service is an API for opening applications, document files, or URLs in a manner similar to Finder or Dock. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. 3) An error in the handling of file:// URLs in Mail can be exploited to execute arbitrary applications without warning when a user is enticed to click on a URL within a message. 4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code. 5) The problem is that Parental Controls contacts www.apple.com when a site is unblocked and allows for detection of computers running Parental Controls. 6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system. For more information: SA27760 7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page. 8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied. Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430 OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/ SA27760: http://secunia.com/advisories/27760/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Launch Services, Mail, NFS, Parental Controls, and Terminal. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. 2) A weakness exists due to Launch Services allowing users to start uninstalled applications from a Time Machine Backup. 3) An error in the handling of file:// URLs in Mail can be exploited to execute arbitrary applications without warning when a user is enticed to click on a URL within a message. 4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code. 5) The problem is that Parental Controls contacts www.apple.com when a site is unblocked and allows for detection of computers running Parental Controls. 6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system. For more information: SA27760 7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page. 8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied. Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430 OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/ SA27760: http://secunia.com/advisories/27760/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. Attackers with physical access to the device can exploit this issue to gain unauthorized access to applications. This may aid in various attacks, including information disclosure. Versions prior to iPhone 1.1.3 and 2.1 are vulnerable. Apple iPhone is a smart phone of Apple (Apple). ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28497 VERIFY ADVISORY: http://secunia.com/advisories/28497/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, System access WHERE: >From remote OPERATING SYSTEM: Apple iPhone 1.x http://secunia.com/product/15128/ Apple iPod touch 1.x http://secunia.com/product/16074/ DESCRIPTION: Two vulnerabilities and a security issue have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or to compromise a vulnerable device. 1) An unspecified error in the handling of URLs exists in Safari. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. This security issue is reported in iPhone v1.0 through v1.1.2 only. 3) An error in Safari can be exploited by malicious people to conduct cross-site scripting attacks. For more information see vulnerability #21 in: SA28136 SOLUTION: Update to version 1.1.3 (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307302 OTHER REFERENCES: SA28136: http://secunia.com/advisories/28136/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. Microsoft Excel for, Excel There is a memory corruption vulnerability due to a flaw in the handling of file headers.crafted by a third party Excel The file may lead to arbitrary code execution. Microsoft Excel is prone to a remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. There are multiple code execution vulnerabilities in the way of processing data when Excel imports files, the way of processing Style record data, the way of processing conditional format values, and the way of processing macros. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. NOTE: According to Microsoft, this is currently being actively exploited. SOLUTION: Do not open untrusted Excel files. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day. ORIGINAL ADVISORY: Microsoft (KB947563): http://www.microsoft.com/technet/security/advisory/947563.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-071A Microsoft Updates for Multiple Vulnerabilities Original release date: March 11, 2008 Last revised: -- Source: US-CERT Systems Affected * Microsoft Office * Microsoft Outlook * Microsoft Excel * Microsoft Excel Viewer * Microsoft Office for Mac * Microsoft Office Web Componenets Overview Microsoft has released updates that address vulnerabilities in Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components as part of the Microsoft Security Bulletin Summary for March 2008. For more information, see the US-CERT Vulnerability Notes Database. II. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the March 2008 security bulletin. The security bulletin describe any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * US-CERT Vulnerability Notes for Microsoft March 2008 updates - <http://www.kb.cert.org/vuls/byid?searchview&query=ms08-mar> * Microsoft Security Bulletin Summary for March 2008 - <http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx> * Microsoft Update - <https://www.update.microsoft.com/microsoftupdate/> * Windows Server Update Services - <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-071A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-071A Feedback VU#393305" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR9b0APRFkHkM87XOAQLTUwf9HHlM9vQfwMpmCv77RuJKdZgdn5bNTPQA HjsABoxmVZzE4XnArclHPyMivO8x/oel6UFvZgG/h2oGFarK7h1WpvCFQKE/cNO8 c5o0tRhxMx+ri7w7DnkhmhbWTLQ8coqKjzAioKoc2mboNz+PamQO22INjS3ktOyL dRA+qwxSsPN3Bi7NDS2DOdUeAA+VdMn0cQTDLHJ7ZPhzy7JOiVXwQwyO3CwNDeOl C6+FGSk8o1BsMjdP6kRaGnQkgivBi1ID4dcAQA8h0K2IGDPkCBIYiGTvj9pNnpwZ lrP6DdHyd2idzGEXr2R0VlTQPrhabs+YpZq+qzVh6f2tg+Lc9xBwHg== =aCnE -----END PGP SIGNATURE-----

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. Apple QuickTime is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application. This issue affects versions prior to QuickTime 7.4 running on the following operating systems: Mac OS X 10.3.9 Mac OS X 10.4.9 or later Mac OS X 10.5 or later Microsoft Windows XP Microsoft Windows Vista. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-016A Apple QuickTime Updates for Multiple Vulnerabilities Original release date: January 16, 2008 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X running versions of QuickTime prior to 7.4 * Microsoft Windows running versions of QuickTime prior to 7.4 Overview Apple QuickTime contains multiple vulnerabilities. I. Description Apple QuickTime 7.4 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable. II. For further information, please see About the security content of QuickTime 7.4. III. Solution Upgrade QuickTime Upgrade to QuickTime 7.4. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. References * About the security content of the QuickTime 7.4 Update - <http://docs.info.apple.com/article.html?artnum=307301> * How to tell if Software Update for Windows is working correctly when no updates are available - <http://docs.info.apple.com/article.html?artnum=304263> * Apple - QuickTime - Download - <http://www.apple.com/quicktime/download/> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-016A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-016A Feedback VU#818697" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History January 16, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR45mevRFkHkM87XOAQLP6AgAj7J4sy83ZWEKfcDb2brgHptxAwqvArkZ HzV+5lGg1A86V4/MARlxXctWv5JH3e2knx5ZoMUN8napP9VEag2Ra68Zdh9lKu1S nfCRRwcIj38iakuv7xKrNt1AJHj3rHguzCjvWu8gHEJtlb15zqVr97Ci9LuNdLP3 W4hdsIxuzYQl7Ou5+j0Z9bhH1WWZRjmabsop+b0ApxeZI2F6mJn0rscRvxPQYBls ims6CP7YseK4+ElJHAMEJfW/6gPhwyedjgesd0jssYvhtYdufn4OCZvwL+p9QSlQ +E+UKcws4BHlEpg0dQhA13REQxwqqMgSWdm3NU8hbGdEJAJGH0cYNQ== =emKJ -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28502 VERIFY ADVISORY: http://secunia.com/advisories/28502/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a vulnerable system. 2) An error exists in the processing of Macintosh Resources embedded in QuickTime movies. 3) An error in the parsing of malformed Image Descriptor (IDSC) atoms can be exploited to cause a heap corruption via a specially crafted movie file. 4) A boundary error exists within the processing of compressed PICT images and can be exploited to cause a buffer overflow. QuickTime 7.4 for Leopard: http://www.apple.com/support/downloads/quicktime74forleopard.html QuickTime 7.4 for Tiger: http://www.apple.com/support/downloads/quicktime74fortiger.html QuickTime 7.4 for Panther: http://www.apple.com/support/downloads/quicktime74forpanther.html QuickTime 7.4 for Windows: http://www.apple.com/support/downloads/quicktime74forwindows.html PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Joe Schottman of Virginia Tech 2) Jun Mao, VeriSign iDefense Labs. 3) Cody Pierce, TippingPoint DVLabs 4) The vendor credits Chris Ries, Carnegie Mellon University Computing Services ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307301 TippingPoint DVLabs: http://dvlabs.tippingpoint.com/advisory/TPTI-08-01 iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------