VARIoT IoT vulnerabilities database
| VAR-200901-0402 | CVE-2008-5260 | AXIS Camera Control of CamImage.CamImage.1 ActiveX Control heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value. Failed attacks will likely cause denial-of-service conditions.
Axis Camera Control 2.40.0.0 is vulnerable; other versions may also be vulnerable.
The vulnerability is confirmed in version 2.40.0.0. Prior versions
may also be affected.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-58/
Axis Communications:
http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
======================================================================
2) Severity
Rating: Highly critical
Impact: System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
"AXIS Camera Control (ActiveX component) makes it possible to view
Motion JPEG video streams from an Axis Network Video product directly
in Microsoft Development Tools and Microsoft Internet Explorer."
Product Link:
http://www.axis.com/techsup/software/acc/index.htm
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in AXIS Camera
Control, which can be exploited by malicious people to compromise a
user's system.
Successful exploitation allows execution of arbitrary code, but
requires that the user is tricked into visiting and clicking a
malicious web page.
======================================================================
5) Solution
The vendor recommends removing the ActiveX control and using
AXIS Media Control as a replacement.
======================================================================
6) Time Table
09/01/2009 - Vendor notified.
09/01/2009 - Vendor response.
23/01/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Alin Rad Pop, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-5260 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-58/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
| VAR-200901-0563 | No CVE | Multiple Sagem F@st Routers 'restoreinfo.cgi' Unauthorized Access Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Multiple Sagem F@st routers are prone to an unauthorized-access vulnerability.
Attackers can exploit this issue to reset the router, possibly resulting in denial-of-service conditions. Other security implications that could aid in further attacks may also occur.
The following routers are affected:
Sagem F@st 1200
Sagem F@st 1240
Sagem F@st 1400
Sagem F@st 1400W
Sagem F@st 1500
Sagem F@st 1500-WG
Sagem F@st 2404
| VAR-200905-0213 | CVE-2009-0897 | IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). IBM WebSphere Partner Gateway (WPG) is prone to an information-disclosure vulnerability.
Exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.
WPG 6.1.0 and 6.1.1 are vulnerable. WebSphere Partner Gateway is a centralized, integrated B2B trading partner and transaction management tool
| VAR-200902-0034 | CVE-2009-0470 | Cisco IOS of HTTP Multiple cross-site scripting vulnerabilities in servers |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. This vulnerability CVE-2008-3821 Is a different vulnerability. IOS is prone to a cross-site scripting vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party, for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. In addition, attackers can also perform administrative operations through cross-site request forgery attacks. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Cisco IOS Cross-Site Scripting and Cross-Site Request Forgery
SECUNIA ADVISORY ID:
SA33844
VERIFY ADVISORY:
http://secunia.com/advisories/33844/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
OPERATING SYSTEM:
Cisco IOS 12.x
http://secunia.com/advisories/product/182/
Cisco IOS R12.x
http://secunia.com/advisories/product/50/
DESCRIPTION:
Zloss has reported some vulnerabilities in Cisco IOS, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.
1) Input passed via the URL when executing commands is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
2) The device allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to potentially alter the
configuration of the device by tricking the user into visiting a
malicious web site.
The vulnerabilities are reported in Cisco IOS firmware version
12.4(23). Other versions may also be affected.
SOLUTION:
Filter malicious characters and character sequences in a proxy.
Do not visit untrusted websites while being logged in to the device.
PROVIDED AND/OR DISCOVERED BY:
Zloss
ORIGINAL ADVISORY:
http://packetstormsecurity.org/0902-exploits/cisco12423-xss.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0449 | CVE-2008-3818 | Cisco ONS Control Card Remote Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session. Cisco ONS is prone to a denial-of-service vulnerability when handling specially crafted TCP traffic.
An attacker can exploit this issue to cause the control cards in the affected devices to reload, denying service to legitimate users.
The following devices are affected:
Cisco ONS 15310-CL and 15310-MA
Cisco ONS 15327
Cisco ONS 15454 and 15454 SDH
Cisco ONS 15600
This issue is being tracked by Cisco BugID CSCsr41128. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco ONS Platform Crafted Packet
Vulnerability
Advisory ID: cisco-sa-20090114-ons
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco
ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contains a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability. Several
mitigations exist that can limit the exposure of this vulnerability. To determine your software
version, view the Help > About window on the CTC management
software). These control cards are usually connected to a
Data Communications Network (DCN). In this context the term DCN is
used to denote the network that transports management information
between a management station and the network entity (NE). This
definition of DCN is sometimes referred to as Management
Communication Network (MCN). The DCN is usually physically or
logically separated from the optical data network and isolated from
the Internet. This limits the exposure to the exploitation of this
vulnerability from the Internet.
A crafted stream of TCP traffic to the control cards on a node will
result in a reset of the corresponding control cards on this node. A
complete 3-way handshake is required on any open TCP port to be able
to exploit this vulnerability.
The timing for the data channels traversing the switch is provided by
the control cards.
When an active and a standby Cisco ONS 15310-MA, ONS 15310-CL, ONS
15327, ONS 15454 or ONS 15454 SDH control card reloads at the same
time, the synchronous data channels traversing the switch drop
traffic until the card comes back online. Asynchronous data channels
traversing the switch are not impacted. Manageability functions
provided by the network element using the CTX, CTX2500, XTC or TCC/
TCC+/TCC2/TCC2P control cards are not available until the control
card comes back online.
On the Cisco ONS 15600 hardware, whenever both the active and standby
control cards are rebooting at the same time, there is no impact to
the data channels traversing the switch because the TSC performs a
software reset which does not impact the timing being provided by the
TSC for the data channels.
Manageability functions provided by the network element through the
TSC control cards are not available until the control card comes back
online.
This vulnerability is documented in Cisco bug ID CSCsr41128
and has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2008-3818.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CVSS Base Score - 7.8
Access Vector : Network
Access Complexity : Low
Authentication : None
Confidentiality Impact: None
Integrity Impact : None
Availability Impact : Complete
CVSS Temporal Score - 6.4
Exploitability : Functional
Remediation Level : Official-Fix
Report Confidence : Confirmed
Impact
======
Successful exploitation of this vulnerability will result in a reset
of the node's control card. Repeated attempts to exploit this
vulnerability could result in a sustained DoS condition, dropping the
synchronous data channels traversing the switch (Cisco ONS 15310-MA,
ONS 15310-CL, ONS 15327, ONS 15454, ONS 15454 SDH) and preventing
manageability functions provided by the network element control cards
(all ONS switches) until the control card comes back online.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
+-------------------------------------------------------------------------+
| Affected Major Release | First Fixed Release |
|---------------------------------+---------------------------------------|
| 7.0 | Note: Releases prior to 7.0.2 are not |
| | vulnerable. First fixed in 7.0.7 |
|---------------------------------+---------------------------------------|
| 7.2 | Note: Releases prior to 7.2.2 are not |
| | vulnerable. First fixed in 7.2.3 |
|---------------------------------+---------------------------------------|
| 8.0 | Vulnerable; migrate to 8.5.3 or |
| | later. |
|---------------------------------+---------------------------------------|
| 8.5 | Note: Releases prior to 8.5.1 are not |
| | vulnerable. First fixed in 8.5.3 |
|---------------------------------+---------------------------------------|
| 9.0 | Not vulnerable. |
+-------------------------------------------------------------------------+
Note: Releases prior to 7.0 are not affected by this vulnerability.
Workarounds
===========
There are no workarounds for this vulnerability. The following
general mitigation actions help prevent remote exploitation:
* Isolate DCN:
Ensuring the DCN is physically or logically separated from the
customer network and isolated from the Internet will limit the
exposure to the exploitation of these vulnerabilities from the
Internet or customer networks.
* Apply Transit Access Control Lists:
Apply access control lists (ACLs) on routers / switches /
firewalls installed in front of the vulnerable network devices
such that TCP/IP traffic destined for the CTX, CTX2500, XTC, TCC2
/TCC2+/TCC2P, or TSC control cards on the ONS is allowed only
from the network management workstations.
For examples on how to apply ACLs on Cisco routers, refer to the
white paper "Transit Access Control Lists: Filtering at Your
Edge", which is available at the following link:
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090114-ons.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized
telephone numbers, and instructions and e-mail addresses for use in
various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found by reviewing Cisco TAC service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkluC5MACgkQ86n/Gc8U/uCIiwCfb0TgaYDql8VEjtERKMaqgHOm
h0oAniEObgEKjHbo+CHnJxfFFKhCr17o
=7xLg
-----END PGP SIGNATURE-----
| VAR-200901-0290 | CVE-2009-0053 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX of PXE Encryption Vulnerability in obtaining decryption key |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error.". Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
The administration interface of IronPort Encryption Appliance devices
contains a cross-site request forgery (CSRF) vulnerability that could
allow an attacker to modify a user's IronPort Encryption Appliance
preferences, including their user name and personal security pass
phrase, if the user is logged into the IronPort Encryption Appliance
administration interface. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to access user accounts on an IronPort Encryption Appliance
device, which could result in the modification of user preferences.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
>From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows user to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0291 | CVE-2009-0054 | Cisco IronPort Encryption Appliance of PXE Encryption and Cisco IronPort PostX Vulnerabilities in which authentication information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
The administration interface of IronPort Encryption Appliance devices
contains a cross-site request forgery (CSRF) vulnerability that could
allow an attacker to modify a user's IronPort Encryption Appliance
preferences, including their user name and personal security pass
phrase, if the user is logged into the IronPort Encryption Appliance
administration interface. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to access user accounts on an IronPort Encryption Appliance
device, which could result in the modification of user preferences.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
>From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows user to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0304 | CVE-2009-0055 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX Cross-site request forgery vulnerability in admin interface |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account.
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
>From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows user to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0305 | CVE-2009-0056 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX Cross-site request forgery vulnerability in admin interface |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action. Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account.
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
>From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows user to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0448 | CVE-2008-3821 |
Cisco IOS cross-site scripting vulnerability
Related entries in the VARIoT exploits database: VAR-E-200901-0317 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default. For more information, refer to the information provided by Cisco. NOBUHIRO TSUJI of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser.
These issues are tracked by Cisco bug IDs CSCsi13344 and CSCsr72301.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The attacker may also perform cross-site request-forgery attacks on the same scripts and parameters. Other attacks may also be possible. This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party, for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
1) Adrian Pastor and Richard J. Brain of ProCheckUp.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
ProCheckUp:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
JVN:
http://jvn.jp/en/jp/JVN28344798/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ProCheckup has posted a Security Advisory
titled "XSS on Cisco IOS HTTP Server" posted at
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
Cisco would like to thank Adrian Pastor and Richard J. A system that contains the IOS HTTP server or HTTP secure
server, but does not have it enabled, is not affected.
To determine if the HTTP server is running on your device, issue the
show ip http server status | include status and the show ip http
server secure status | include status commands at the prompt and look
for output similar to:
Router#show ip http server status | include status
HTTP server status: Enabled
HTTP secure server status: Enabled
If the device is not running the HTTP server, you should see output
similar to:
Router#show ip http server status | include status
HTTP server status: Disabled
HTTP secure server status: Disabled
These vulnerabilities are documented in the following Cisco bug IDs:
* Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server
Special Characters are not escaped in URL strings sent to the
HTTP server.
* Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter)
Special Characters are not escaped in URL strings sent to the
HTTP server, via the ping parameter. The ping parameter is used
both by external applications such as Router and Security Device
Manager (SDM) as well as a direct HTTP session to Cisco IOS http
server.
These vulnerabilities are independent of each other. These vulnerabilities have been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821.
Workaround
+---------
If the HTTP server is not used for any legitimate purposes on the
device, it is a best practice to disable it by issuing the following
commands in configure mode:
no ip http server
no ip http secure-server
If the HTTP server is required, it is a recommended best practice to
control which hosts may access the HTTP server to only trusted
sources. To control which hosts can access the HTTP server, you can
apply an access list to the HTTP server. To apply an access list to
the HTTP server, use the following command in global configuration
mode:
ip http access-class {access-list-number | access-list-name}
The following example shows an access list that allows only trusted
hosts to access the Cisco IOS HTTP server:
ip access-list standard 20
permit 192.168.1.0 0.0.0.255
remark "Above is a trusted subnet"
remark "Add further trusted subnets or hosts below"
! (Note: all other access implicitly denied)
! (Apply the access-list to the http server)
ip http access-class 20
For additional information on configuring the Cisco IOS HTTP server,
consult Using the Cisco Web Browser User Interface.
For additional information on cross-site scripting attacks and the
methods used to exploit these vulnerabilities, please refer to the
Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting
(XSS) Threat Vectors", which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml
Further Problem Description
+--------------------------
This vulnerability is about escaping characters in the URL that are
sent to the HTTP server. The fix for this
vulnerability is to escape special characters in the URL string
echoed in the response generated by the web exec application.
Software Version and Fixes
+-------------------------
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) describes a release
train and the platforms or products for which it is intended. If a
given release train is vulnerable, then the earliest possible
releases that contain the fix (the "First Fixed Release") and the
anticipated date of availability for each are listed in the "Rebuild"
and "Maintenance" columns. A device running a release in the given
train that is earlier than the release in a specific column (less
than the First Fixed Release) is known to be vulnerable. The release
should be upgraded at least to the indicated release or a later
version (greater than or equal to the First Fixed Release label).
For more information on the terms "Rebuild" and "Maintenance,"
consult the following URL:
http://www.cisco.com/warp/public/620/1.html
+----------------------------------------+
| Major | Availability of Repaired |
| Release | Releases |
|------------+---------------------------|
| Affected | First Fixed | Recommended |
| 12.0-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | 12.0(33)S3; | |
| 12.0S | Available | |
| | on | |
| | 03-APR-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SC | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SL | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0SP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0ST | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SX | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SY | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SZ | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.0(3c)W5 |
| 12.0W | first fixed | (8) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0WC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0WT | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.0(4)XI2 | |
| | are | |
| | vulnerable, | |
| 12.0XI | release | 12.4(15) |
| | 12.0(4)XI2 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XN | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.1-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1AA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AY | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1CX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1E | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1EA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.1EB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.1EC | first fixed | SCA212.2 |
| | in 12.3BC | (33)SCB12.3 |
| | | (23)BC6 |
|------------+-------------+-------------|
| 12.1EO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.1EU | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.1EV | first fixed | S1212.2(33) |
| | in 12.4 | SB312.4(15) |
| | | T812.4(23) |
|------------+-------------+-------------|
| | | 12.2(31) |
| | Vulnerable; | SGA912.2 |
| 12.1EW | first fixed | (50)SG12.4 |
| | in 12.4 | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1EY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.1(5)YE6 | |
| | are | |
| | vulnerable, | |
| 12.1YE | release | 12.4(15) |
| | 12.1(5)YE6 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1YI | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1YJ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.2-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2BC | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.2BX | first fixed | SB312.4(15) |
| | in 12.4 | T812.4(23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CX | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CY | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2CZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EW | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EWA | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| 12.2EX | 12.2(40)EX | 12.2(44)EX1 |
|------------+-------------+-------------|
| | 12.2(44)EY; | 12.2(46)EY; |
| 12.2EY | Available | Available |
| | on | on |
| | 30-JAN-2009 | 23-JAN-2009 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2EZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2FY | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.2IRA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IRB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MC | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2S | first fixed | 12.2(20)S12 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | 12.2(33) | |
| | SB12.2(31) | |
| 12.2SB | SB14; | 12.2(33)SB3 |
| | Available | |
| | on | |
| | 16-JAN-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SBC | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2SCA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SCB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SE | 12.2(40)SE | 12.2(44)SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEB | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEC | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SED | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEE | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEF | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2SEG | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| 12.2SG | 12.2(44)SG | 12.2(50)SG |
|------------+-------------+-------------|
| 12.2SGA | 12.2(31) | 12.2(31) |
| | SGA9 | SGA9 |
|------------+-------------+-------------|
| 12.2SL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SM | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRA | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRB | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| 12.2SRC | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SRD | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2STE | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2SU | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2SV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SW | first fixed | 12.4(15)T8 |
| | in 12.4SW | |
|------------+-------------+-------------|
| 12.2SX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXH | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SXI | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SY | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2XF | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(20) |
| | | S1212.2(33) |
| | | SB312.2(33) |
| 12.2XN | 12.2(33)XN1 | SRC312.2 |
| | | (33) |
| | | XNA212.2 |
| | | (33r)SRD2 |
|------------+-------------+-------------|
| 12.2XNA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2XNB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | 12.2(46)XO; | 12.2(46)XO; |
| 12.2XO | Available | Available |
| | on | on |
| | 02-FEB-2009 | 02-FEB-2009 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YH | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YM | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2YN | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YQ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YS | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2YT | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YU | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YW | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.2(13)ZC | |
| | are | |
| 12.2ZC | vulnerable, | |
| | release | |
| | 12.2(13)ZC | |
| | and later | |
| | are not | |
| | vulnerable; | |
|------------+-------------+-------------|
| 12.2ZD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZF | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZG | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2ZJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZU | migrate to | |
| | any release | |
| | in 12.2SXH | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZX | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2ZY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZYA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.3-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3BC | 12.3(23)BC6 | 12.3(23)BC6 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3BW | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3EU | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.3JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3JL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3T | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3VA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XC | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XD | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XG | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XI | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XL | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XQ | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XS | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XW | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XX | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XY | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XZ | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3YA | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YF | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YH | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YI | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YM | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YQ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YS | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YX | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3ZA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.4-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| 12.4 | 12.4(16) | 12.4(23) |
|------------+-------------+-------------|
| 12.4JA | 12.4(16b)JA | 12.4(16b) |
| | | JA1 |
|------------+-------------+-------------|
| 12.4JDA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JL | 12.4(3)JL1 | 12.4(3)JL1 |
|------------+-------------+-------------|
| 12.4JMA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JMB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(16b) |
| 12.4JX | first fixed | JA1 |
| | in 12.4JA | |
|------------+-------------+-------------|
| 12.4MD | 12.4(15)MD | 12.4(15)MD2 |
|------------+-------------+-------------|
| 12.4MR | 12.4(16)MR | |
|------------+-------------+-------------|
| 12.4SW | 12.4(11)SW3 | 12.4(15)T8 |
|------------+-------------+-------------|
| 12.4T | 12.4(15)T | 12.4(15)T8 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XB | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XC | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XE | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XM | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XN | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4XQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XR | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | | 12.4(11) |
| | | XW10; |
| 12.4XW | 12.4(11)XW3 | Available |
| | | on |
| | | 22-JAN-2009 |
|------------+-------------+-------------|
| 12.4XY | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XZ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4YA | Not | |
| | Vulnerable | |
+----------------------------------------+
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkluC58ACgkQ86n/Gc8U/uA6vACfY36eBjbCbnJsrnJlOCE0Mr6Y
JqUAn1TVyUvBk8lGTm94F+tvmZy4n3Ke
=cGUi
-----END PGP SIGNATURE-----
| VAR-200901-0453 | CVE-2008-4444 | Cisco Unified IP Phone Service disruption in (DoS) Or arbitrary code execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers. Cisco Unified IP Phone 7960G and 7940G are prone to a denial-of-service vulnerability
An attacker can exploit this issue to cause the affected phones to reboot, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. Cisco Unified IP Phone is a set of unified IP phone solutions of Cisco (Cisco). Once the call is
established, the media content is carried by the RTP protocol. Cisco released a patched firmware on October 21, 2008 which is
described in the bug identifier CSCsu22285 (Cisco Unified IP Phone 7960G
and 7940G (SIP) Release Notes for Firmware Release 8.10).
Credits:
--------
* This vulnerability was discovered by Gabriel Campana and Laurent Butti
from France Telecom / Orange
| VAR-200901-0729 | CVE-2009-1696 | plural Apple In product Safari Vulnerability that can track user sessions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Multiple web browsers are prone to a cross-domain information-disclosure vulnerability.
An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.
The following browsers are vulnerable:
Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome
Opera
Other browsers may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-200901-0751 | CVE-2009-1685 | plural Apple In product document.implementation Property handling cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. WebKit is prone to a cross-domain scripting vulnerability.
A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Safari is the web browser bundled by default in the Apple family machine operating system. If a user is tricked into visiting a malicious site, the document.implementation of an embedded or parent document provided by a different security zone will be overwritten. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-200901-0758 | CVE-2009-1703 | Apple Safari of WebKit Information disclosure vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. WebKit is prone to a remote information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Safari is the web browser bundled by default in the Apple family machine operating system. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-200901-0752 | CVE-2009-1707 | Apple Safari of" Safari ”Reset” vulnerability for reading stored website passwords |
CVSS V2: 1.2 CVSS V3: - Severity: LOW |
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Apple Safari is prone to a local information-disclosure vulnerability.
A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default in the Apple family machine operating system. Apple Safari \"WebKit\" After hitting the \"Reset\" key of \"Reset Saved Names and Passwords\" in the \"Reset Safari\" menu option, Safari may take up to 30 seconds to clear the password. Users who have accessed the system during this window of time can access stored credentials. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes). ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0748 | CVE-2009-1701 | plural Apple In product JavaScript DOM Vulnerability to execute arbitrary code related to implementation |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Safari is the web browser bundled by default in the Apple family machine operating system. A use-after-free vulnerability exists in Apple Safari's \"WebKit\" handling of the JavaScript DOM.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT3613
-- Disclosure Timeline:
2009-02-09 - Vulnerability reported to vendor
2009-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* wushi & ling of team509
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-200901-0735 | CVE-2009-1682 | Apple Safari In EV Certificate processing vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted webservers. This will aid in further attacks.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default in the Apple family machine operating system. A bug in Safari's handling of EV certificates could lead to bypassing revocation checks, which could allow pages to load without issuing a revoked EV certificate warning. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0736 | CVE-2009-1718 | Apple Safari of WebKit Information disclosure vulnerability in drug events |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. WebKit is prone to a remote information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-200901-0746 | CVE-2009-1694 | plural Apple Any redirection process in the product Web Vulnerability to read images from sites |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue.". WebKit is prone to a remote information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Safari is the web browser bundled by default in the Apple family machine operating system. A cross-site graphics fetching and access control vulnerability in Apple Safari \"WebKit\" could allow malicious websites to use canvas and redirection to load and grab graphics from other websites.
For more information:
SA35379
SA35449
SA35581
SA37396
SOLUTION:
Apply updated packages. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1950 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
December 12, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : webkit
Vulnerability : several
Problem type : remote (local)
Debian-specific: no
CVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714
CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693
CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692
Debian Bug : 532724 532725 534946 535793 538346
Several vulnerabilities have been discovered in webkit, a Web content engine
library for Gtk+. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.
CVE-2009-1687
The JavaScript garbage collector in WebKit does not properly handle allocation
failures, which allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a crafted HTML
document that triggers write access to an "offset of a NULL pointer."
CVE-2009-1690
Use-after-free vulnerability in WebKit, allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) by setting an unspecified property of an HTML tag that causes child
elements to be freed and later accessed when an HTML error occurs, related to
"recursion in certain DOM event handlers."
CVE-2009-1698
WebKit does not initialize a pointer during handling of a Cascading Style Sheets
(CSS) attr function call with a large numerical argument, which allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document.
CVE-2009-1711
WebKit does not properly initialize memory for Attr DOM objects, which allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted HTML document.
CVE-2009-1712
WebKit does not prevent remote loading of local Java applets, which allows
remote attackers to execute arbitrary code, gain privileges, or obtain sensitive
information via an APPLET or OBJECT element.
CVE-2009-1725
WebKit do not properly handle numeric character references, which allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document.
CVE-2009-1710
WebKit allows remote attackers to spoof the browser's display of the host name,
security indicators, and unspecified other UI elements via a custom cursor in
conjunction with a modified CSS3 hotspot property.
CVE-2009-1697
CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP
headers and bypass the Same Origin Policy via a crafted HTML document, related
to cross-site scripting (XSS) attacks that depend on communication with
arbitrary web sites on the same server through use of XMLHttpRequest without a
Host header.
CVE-2009-1695
Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to
inject arbitrary web script or HTML via vectors involving access to frame
contents after completion of a page transition.
CVE-2009-1684
Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to
inject arbitrary web script or HTML via an event handler that triggers script
execution in the context of the next loaded document.
CVE-2009-1692
WebKit allows remote attackers to cause a denial of service (memory consumption
or device reset) via a web page containing an HTMLSelectElement object with a
large length attribute, related to the length property of a Select object.
For the stable distribution (lenny), these problems has been fixed in
version 1.0.1-4+lenny2.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1.1.16-1.
We recommend that you upgrade your webkit package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz
Size/MD5 checksum: 13418752 4de68a5773998bea14e8939aa341c466
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz
Size/MD5 checksum: 35369 506c8f2fef73a9fc856264f11a3ad27e
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc
Size/MD5 checksum: 1447 b5f01d6428f01d79bfe18338064452ab
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb
Size/MD5 checksum: 35164 df682bbcd13389c2f50002c2aaf7347b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb
Size/MD5 checksum: 65193740 fc8b613c9c41ef0f0d3856e7ee3deeae
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb
Size/MD5 checksum: 4254938 252b95b962bda11c000f9c0543673c1b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb
Size/MD5 checksum: 3502994 4a96cad1e302e7303d41d6f866215da4
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb
Size/MD5 checksum: 62518476 d723a8c76b373026752b6f68e5fc4950
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb
Size/MD5 checksum: 2721324 1fac2f59ffa9e3d7b8697aae262f09e4
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb
Size/MD5 checksum: 61478724 260faea7d5ba766268faad888b3e61ff
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb
Size/MD5 checksum: 2770654 5b88754e9804d9290537afdf6127643a
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb
Size/MD5 checksum: 59892062 99c8f13257a054f42686ab9c6329d490
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb
Size/MD5 checksum: 3869020 c61be734b6511788e8cc235a5d672eab
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb
Size/MD5 checksum: 63935342 f1db2bd7b5c22e257c74100798017f30
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
Size/MD5 checksum: 62161744 f89fc6ac6d1110cabe47dd9184c9a9ca
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
Size/MD5 checksum: 3016584 b854f5294527adac80e9776efed37cd7
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb
Size/MD5 checksum: 5547624 2bd2100a345089282117317a9ab2e7d1
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb
Size/MD5 checksum: 62685224 5eaff5d431cf4a85beeaa0b66c91958c
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb
Size/MD5 checksum: 3109134 a680a8f105a19bf1b21a5034c14c4822
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb
Size/MD5 checksum: 64547832 dd440891a1861262bc92deb0a1ead013
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb
Size/MD5 checksum: 2992848 952d643be475c35e253a8757075cd41b
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb
Size/MD5 checksum: 62135970 7cd635047e3f9bd000ff4547a47eaaec
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb
Size/MD5 checksum: 3456914 6fc856a50b3f899c36381ed8d51af44e
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb
Size/MD5 checksum: 64385860 98ded86952a2c6714ceba76a4a98c35b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb
Size/MD5 checksum: 63621854 f0dd17453bc09fdc05c119faf2212d70
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb
Size/MD5 checksum: 3499170 3f2084d6416459ce1416bd6f6f2845e3
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL
V5YAmwRkz4XNwdcqnPzdeDzoakljqf1s
=DBEQ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities
| VAR-200901-0732 | CVE-2009-1704 | Apple Safari of CFNetwork In any JavaScript Code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. Apple Safari is prone to a weakness that may allow attackers to run arbitrary script code.
Attackers may exploit this issue through social engineering or through exploiting other latent vulnerabilities to execute arbitrary script code in the context of the victim.
This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7 and on Microsoft Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Safari is the web browser bundled by default in the Apple family machine operating system. Files of type Apple Safari \"WebKit\"safe are displayed by Safari after downloading without warning the user. A vulnerability in Safari could prevent the file type confirmation of some local graphics files. In this case, Safari examines the contents of these files and may process them as HTML. If the file contains JavaScript, it will be executed in the local safe environment. Downloaded files should not be executed without prompting the user. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------