VARIoT IoT vulnerabilities database

Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters. Apple Xcode Core Image Fun House is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.funhouse' file. Successfully exploiting this issue will allow the attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Apple Xcode 2.0 through 3.0 are vulnerable. Xcode is the development tool used on Apple machines. The Xcode tools include a sample app called Core Image Fun House for working with content with the .funhouse extension. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Xcode tools Vulnerability and Security Issue SECUNIA ADVISORY ID: SA31060 VERIFY ADVISORY: http://secunia.com/advisories/31060/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: Apple Xcode 2.x http://secunia.com/product/10144/ Apple Xcode 3.x http://secunia.com/product/19297/ DESCRIPTION: A vulnerability and a security issue have been reported in Xcode tools, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system. 1) A boundary error in the handling of .funhouse files in CoreImage Examples can be exploited to cause a buffer overflow when a user is tricked into opening a specially crafted .funhouse file. Successful exploitation allows execution of arbitrary code. 2) An error in WebObjects exists within the handling of session IDs where the session ID is always appended to the URL generated by WOHyperlink. This may lead to the disclosure of session IDs when generating URLs to other web sites. The vulnerability and security issue is reported in versions prior to 3.1. SOLUTION: Update to version 3.1. PROVIDED AND/OR DISCOVERED BY: 1) Kevin Finisterre, Netragard 2) Reported by the vendor. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2352 Netragard: http://www.netragard.com/pdfs/research/NETRAGARD-20080630-FUNHOUSE.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named. Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks. This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: VitalQIP DNS Cache Poisoning Vulnerability SECUNIA ADVISORY ID: SA31447 VERIFY ADVISORY: http://secunia.com/advisories/31447/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote SOFTWARE: Lucent VitalQIP 6.x http://secunia.com/product/3094/ VitalQIP 7.x http://secunia.com/product/15829/ DESCRIPTION: Alcatel-Lucent has acknowledged a vulnerability in VitalQIP, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the product not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache. SOLUTION: The vendor recommends consulting alert documents 08-0555,08-0562, and 08-0565. https://alerts.lucent.com/alerts/ Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Dan Kaminsky, IOActive CHANGELOG: US-CERT VU#800113: http://www.kb.cert.org/vuls/id/800113 ORIGINAL ADVISORY: http://www1.alcatel-lucent.com/psirt/statements/2008003/DNScache.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB. FirePass is prone to a denial-of-service vulnerability in the SNMP daemon. An attacker can exploit this issue to cause the affected application to crash, resulting in a denial-of-service condition. F5 FirePass SSL VPN devices allow users to securely connect to critical business applications. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: F5 FirePass 1200 SSL VPN SNMP Denial of Service SECUNIA ADVISORY ID: SA30965 VERIFY ADVISORY: http://secunia.com/advisories/30965/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: FirePass 5.x http://secunia.com/product/4695/ FirePass 6.x http://secunia.com/product/13146/ DESCRIPTION: nnposter has reported a vulnerability in F5 FirePass 1200 SSL VPN, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when traversing certain OID branches (e.g. hrSWInstalled in HOST-RESOURCES-MIB / OID 1.3.6.1.2.1.25.6) and can be exploited to crash the daemon. The vulnerability is reported in version 6.0.2 hotfix 3. Other versions may also be affected. PROVIDED AND/OR DISCOVERED BY: nnposter ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2008-07/0037.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. This update adds .xht and .xhtm files to the system's list of content types that are marked as unsafe under certain circumstances, such as when downloaded from a web page. Although these content types are not automatically loaded, manually opening them can lead to malicious payloads being executed. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA29232 SA29794 NOTE: Reportedly, the directory traversal issue does not affect Mac OS X. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA29232 SA29794 NOTE: Reportedly, the directory traversal issue does not affect Mac OS X. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Permissions license and access control issues exist in the Dock component of Apple Mac OS X prior to 10.5.4. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA29232 SA29794 NOTE: Reportedly, the directory traversal issue does not affect Mac OS X. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA29232 SA29794 NOTE: Reportedly, the directory traversal issue does not affect Mac OS X. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA29232 SA29794 NOTE: Reportedly, the directory traversal issue does not affect Mac OS X. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA29232 SA29794 NOTE: Reportedly, the directory traversal issue does not affect Mac OS X. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

ServerView is an asset management tool for automated analysis and version maintenance.  There are multiple stack overflow vulnerabilities in some components of the ServerView Web interface (such as SnmpGetMibValues.exe). If a remote attacker sends a malicious URL request to the Web interface, these overflows can be triggered, causing arbitrary instructions to be executed.

Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Commtouch Anti-Spam Enterprise Gateway 4 and 5 are vulnerable; other versions may also be affected. Commtouch Anti-Spam is an enterprise-level anti-spam protection platform developed by Israel Commtouch Company. The Commtouch Anti-Spam product regularly sends email reports to users, listing the blocked suspicious spam emails, and then users can click related links in the emails to confirm whether suspicious emails should be released. If an attacker sends an email message containing a malicious link, the user is tricked into clicking the link in the message, which can lead to a cross-site scripting attack. Input passed to the "PARAMS" parameter in AntiSpamGateway/UPM/English/login/login.asp is not properly sanitised before being returned to a user. The vulnerability is reported in version 4 and 5. SOLUTION: Filter malicious characters and character sequences using a web proxy. PROVIDED AND/OR DISCOVERED BY: Erez Metula ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062955.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. The problem is Bug ID : CSCsj90843 It is a problem.Please refer to the “Overview” for the impact of this vulnerability. Attackers can exploit this issue to gain read-only access to potentially sensitive information about a CUCM cluster. Information harvested can aid in further attacks. The following versions of CUCM are affected: 4.2 prior to 4.2(3)SR4 4.3 prior to 4.3(2)SR1 5.0 prior to 5.1(3c) 6.0 prior to 6.1(2) Unified CallManager 4.1 versions are also affected. In normal operation, Real-Time Monitoring Tool (RTMT) clients collect CUCM cluster statistics by authenticating to the Simple Object Access Protocol (SOAP)-based web interface, which proxies the authenticated connection to the RIS data collector process. 1) An unspecified error in the Computer Telephony Integration (CTI) Manager service can be exploited to cause a DoS by sending a specially crafted packet to port 2748/TCP. information about performance statistics, user names, and configured IP phones. PROVIDED AND/OR DISCOVERED BY: VoIPshield CHANGELOG: 2008-06-26: Added links to VoIPshield. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml VoIPshield: http://www.voipshield.com/research-details.php?id=64 http://www.voipshield.com/research-details.php?id=65 http://www.voipshield.com/research-details.php?id=66 http://www.voipshield.com/research-details.php?id=67 http://www.voipshield.com/research-details.php?id=68 http://www.voipshield.com/research-details.php?id=69 http://www.voipshield.com/research-details.php?id=70 http://www.voipshield.com/research-details.php?id=71 http://www.voipshield.com/research-details.php?id=72 http://www.voipshield.com/research-details.php?id=73 http://www.voipshield.com/research-details.php?id=74 http://www.voipshield.com/research-details.php?id=75 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. By a remote attacker, TCP port 2748 Service disruption through unauthorized network traffic to (DoS) There is a possibility of being put into a state.Please refer to the “Overview” for the impact of this vulnerability. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability because it fails to handle malformed input. An attacker can exploit this issue to cause an interruption in voice services. This issue is documented by Cisco Bug ID CSCso75027. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml. Administrators of systems that are running CUCM versions 5.x and 6.x can determine the software version by viewing the main page of the CUCM administration interface. The software version can also be determined by running the command show version active via the command line interface (CLI). No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager (CUCM) is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. The CTI Manager service listens by default on TCP port 2748 and is not user-configurable. There is no workaround for this vulnerability. This vulnerability is fixed in CUCM versions 5.1(3c) and 6.1(2). Real-Time Information Server Data Collector Related Vulnerability The Real-Time Information Server (RIS) Data Collector service of CUCM versions 4.x, 5.x, and 6.x contains an authentication bypass vulnerability that may result in the unauthorized disclosure of certain CUCM cluster information. In normal operation, Real-Time Monitoring Tool (RTMT) clients gather CUCM cluster statistics by authenticating to a Simple Object Access Protocol (SOAP) based web interface. The SOAP interface proxies authenticated connections to the RIS Data Collector process. The RIS Data Collector service listens on TCP port 2556 by default and is user configurable. By connecting directly to the port that the RIS Data Collector process listens on, it may be possible to bypass authentication checks and gain read-only access to information about a CUCM cluster. The information available includes performance statistics, user names, and configured IP phones. This information may be used to mount further attacks. No passwords or other sensitive CUCM configuration may be obtained via this vulnerability. No CUCM configuration changes can be made. There is no workaround for this vulnerability. This vulnerability is fixed in CUCM versions 4.2(3)SR4, 4.3(2)SR1, 5.1(3), and 6.1(1). Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCso75027 - CTI Manager TSP Crash CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed CSCsq35151 - RISDC Authentication Bypass CVSS Base Score - 5 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed CSCsj90843 - RISDC Authentication Bypass CVSS Base Score - 5 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities in this advisory may result in the interruption of voice services or disclosure of information useful for reconnaissance. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Cisco Unified CallManager 4.1 version administrators are encouraged to upgrade to CUCM version 4.2(3)SR4 in order to obtain fixed software. Version 4.2(3)SR4 can be downloaded at the following link: http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280264388&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20CallManager%20Version%204.2&isPlatform=N&treeMdfId=278875240&modifmdid=null&imname=null&hybrid=Y&imst=N CUCM version 4.3(2)SR1 contains fixes for all vulnerabilities affecting CUCM version 4.3 listed in this advisory and is scheduled to be released in mid-July, 2008. Version 4.3(2)SR1 will be available for download at the following link: http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280771554&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20Communications%20Manager%20Version%204.3&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N CUCM version 5.1(3c) contains fixes for all vulnerabilities affecting CUCM version 5.x listed in this advisory. Version 5.1(3c) can downloaded at the following link: http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=null&isPlatform=Y&mdfid=280735907&sftType=Unified%20Communications%20Manager%20Updates&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20Communications%20Manager%20Version%205.1&mdfLevel=Software%20Version/Option&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N CUCM version 6.1(2) contains fixes for all vulnerabilities affecting CUCM version 6.x listed in this advisory. Version 6.1(2) can be downloaded at the following link: http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=281023410&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20Communications%20Manager%20Version%206.1&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N Workarounds =========== CTI Manager Related Vulnerability It is possible to mitigate the CTI Manager vulnerability (CSCso75027) by implementing filtering on screening devices. Administrators are advised to permit access to TCP port 2748 only from networks that contain systems running CTI-enabled applications. RIS Data Collector Related Vulnerability It is possible to mitigate the RIS Data Collector vulnerability (CSCsq35151 and CSCsj90843) by implementing filtering on screening devices. Administrators are advised to permit access to TCP port 2556 only from other CUCM cluster systems. It is possible to change the default port (TCP 2556) of the RIS Data Collector service. If changed, filtering should be based on the values used. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20080625-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports. We would like to thank VoIPshield for working with us towards the goal of keeping Cisco networks and the Internet, as a whole, secure. Status of this Notice: FINAL THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2008-June-25 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/ products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. -----BEGIN PGP SIGNATURE----- iD8DBQFIYmPu86n/Gc8U/uARAnjvAJ9P4Ph/Lcj8OcF1ptXKm75OHJeNuQCfdcS2 N0WGH2mNx0asIo4pzmCb4VE= =/vU7 -----END PGP SIGNATURE----- . PROVIDED AND/OR DISCOVERED BY: VoIPshield CHANGELOG: 2008-06-26: Added links to VoIPshield. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml VoIPshield: http://www.voipshield.com/research-details.php?id=64 http://www.voipshield.com/research-details.php?id=65 http://www.voipshield.com/research-details.php?id=66 http://www.voipshield.com/research-details.php?id=67 http://www.voipshield.com/research-details.php?id=68 http://www.voipshield.com/research-details.php?id=69 http://www.voipshield.com/research-details.php?id=70 http://www.voipshield.com/research-details.php?id=71 http://www.voipshield.com/research-details.php?id=72 http://www.voipshield.com/research-details.php?id=73 http://www.voipshield.com/research-details.php?id=74 http://www.voipshield.com/research-details.php?id=75 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. The problem is Bug ID : CSCsq35151 It is a problem.Please refer to the “Overview” for the impact of this vulnerability. Attackers can exploit this issue to gain read-only access to potentially sensitive information about a CUCM cluster. Information harvested can aid in further attacks. The following versions of CUCM are affected: 4.2 prior to 4.2(3)SR4 4.3 prior to 4.3(2)SR1 5.0 prior to 5.1(3c) 6.0 prior to 6.1(2) Unified CallManager 4.1 versions are also affected. In normal operation, Real-Time Monitoring Tool (RTMT) clients collect CUCM cluster statistics by authenticating to the Simple Object Access Protocol (SOAP)-based web interface, which proxies the authenticated connection to the RIS data collector process. 1) An unspecified error in the Computer Telephony Integration (CTI) Manager service can be exploited to cause a DoS by sending a specially crafted packet to port 2748/TCP. information about performance statistics, user names, and configured IP phones. PROVIDED AND/OR DISCOVERED BY: VoIPshield CHANGELOG: 2008-06-26: Added links to VoIPshield. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml VoIPshield: http://www.voipshield.com/research-details.php?id=64 http://www.voipshield.com/research-details.php?id=65 http://www.voipshield.com/research-details.php?id=66 http://www.voipshield.com/research-details.php?id=67 http://www.voipshield.com/research-details.php?id=68 http://www.voipshield.com/research-details.php?id=69 http://www.voipshield.com/research-details.php?id=70 http://www.voipshield.com/research-details.php?id=71 http://www.voipshield.com/research-details.php?id=72 http://www.voipshield.com/research-details.php?id=73 http://www.voipshield.com/research-details.php?id=74 http://www.voipshield.com/research-details.php?id=75 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. Windows Edition Safari Is Internet Explorer There is a problem of automatically executing the downloaded file depending on the setting contents. As a result, a remote attacker may execute arbitrary code. Apple Safari is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to run arbitrary code with the privileges of the user running the affected application. This issue affects versions prior to Apple Safari 3.1.2 running on Microsoft Windows XP and Windows Vista. Safari is the web browser bundled by default in the Apple family operating system. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Safari for Windows Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30775 VERIFY ADVISORY: http://secunia.com/advisories/30775/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, System access WHERE: >From remote REVISION: 1.1 originally posted 2008-06-20 SOFTWARE: Safari for Windows 3.x http://secunia.com/product/17978/ DESCRIPTION: Some vulnerabilities and a security issue have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system. 1) A boundary error within the handling of BMP and GIF images can be exploited to trigger an out-of-bounds read and disclose content in memory. 3) An unspecified error in the handling of Javascript arrays can be exploited to cause a memory corruption when a user visits a specially crafted web page. SOLUTION: Update to version 3.1.2. http://www.apple.com/support/downloads/safari312forwindows.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Gynvael Coldwind, Hispasec 2) Will Dormann, CERT/CC 3) James Urquhart CHANGELOG: 2008-06-20: Added link to US-CERT. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2092 US-CERT VU#127185: http://www.kb.cert.org/vuls/id/127185 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. Successful exploits allow local attackers to execute arbitrary code with superuser privileges, completely compromising the affected computer. This issue is confirmed to affect Mac OS X 10.5 versions; earlier versions may also be vulnerable. A local attacker can invoke Mac OS X's ARDAgent via AppleScript (such as osascript). This vulnerability is currently being actively exploited by a Trojan named AppleScript.THT. Once the user is tricked into installing a malicious file with a Trojan horse, the Trojan horse will open file sharing, Web sharing, and remote login. The default file name of the Trojan is AStht_06.app, and the installation location is /Library/Caches. The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Reported in the Macshadows.com forums and via Slashdot. ORIGINAL ADVISORY: http://www.macshadows.com/forums/index.php?showtopic=8640 http://it.slashdot.org/article.pl?sid=08/06/18/1919224 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames.". Cisco Intrusion Prevention System (IPS) There is a service disruption (DoS) An unknown vulnerability exists. An attacker can exploit this issue to cause a kernel panic and deny service for legitimate users. Versions prior to Cisco Intrustion Prevention System 5.1(8)E2 and 6.0(5)E2 are vulnerable. NOTE: This issue affects only platforms that contain gigabit network interfaces and are deployed in inline mode. Successful exploitation of the vulnerabilities described in this article could result in a denial of service over the network, requiring a power outage to resume operation. SOLUTION: Reportedly, fixed versions 5.1(8)E2 and 6.0(5)E2 will be available soon. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. This vulnerability may lead to a kernel panic that requires a power cycle to recover platform operation. Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml. To determine the version of software that is running on a Cisco IPS platform, log into the platform using the console or Secure Shell (SSH) and issue the show version command. sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 6.0(4a)E1 To determine whether a Cisco IPS platform has interfaces configured for inline mode, log into the platform using the console or SSH and issue the show interfaces command. Look for paired interfaces in the Inline Mode statement of the command output. sensor# show interfaces ... MAC statistics from interface GigabitEthernet0/1 Interface function = Sensing interface Description = Media Type = TX Missed Packet Percentage = 0 Inline Mode = Paired with interface GigabitEthernet0/0 ... MAC statistics from interface GigabitEthernet0/0 Interface function = Sensing interface Description = Media Type = TX Missed Packet Percentage = 0 Inline Mode = Paired with interface GigabitEthernet0/1 Products Confirmed Not Vulnerable +-------------------------------- The following Cisco IPS platforms are not vulnerable: * 4210 * 4215 * SSM-AIP10 * SSM-AIP20 * SSM-AIP40 * AIM-IPS * NM-CIDS * IDSM2 Cisco IPS version 6.1(1) is not vulnerable. No other Cisco products are currently known to be affected by this vulnerability. Jumbo Ethernet support is usually deployed in data center environments to increase inter-server communication performance and is not a default configuration for Cisco routers and switches. If they are configured to use bypass mode to allow traffic to pass in the event of a system failure, all Cisco IPS platforms will fail to forward traffic except for the 4260 and 4270 platforms. The Cisco IPS 4260 and 4270 platforms contain a hardware bypass feature that allows them to pass network traffic in the event of a kernel panic or power outage. They will pass traffic by default if the hardware bypass feature is engaged. This vulnerability is documented in Cisco Bug ID CSCso64762 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2008-2060. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCso64762 - IPS Jumbo frame not processed properly CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in a network denial of service condition. A power cycle is required to recover operation. An attacker may be able to evade access controls and detection of malicious activity in the case of Cisco IPS 4260/4270 platforms that have hardware bypass configured to pass traffic in the event of a kernel panic. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. This vulnerability is fixed in Cisco IPS versions 5.1(8)E2 and 6.0(5) E2 that are expected to be available for download by June 20, 2008. Fixed software Cisco IPS version 5.1(8)E2 will be available at the following link: http://www.cisco.com/pcgi-bin/tablebuild.pl/ips5?psrtdcat20e2 Fixed software Cisco IPS version 6.0(5)E2 will be available at the following link: http://www.cisco.com/pcgi-bin/tablebuild.pl/ips6?psrtdcat20e2 Workarounds =========== To workaround this vulnerability, administrators can disable jumbo Ethernet support on routers and switches directly that are connected to vulnerable Cisco IPS platforms. This workaround may produce a negative performance impact in certain environments. Administrators are encouraged to upgrade to fixed software. For more information about configuring Jumbo frames on Cisco switches, please reference the following link: http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows: * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by HD Moore of BreakingPoint Systems. Status of this Notice: FINAL THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients: * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2008-June-18 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. -----BEGIN PGP SIGNATURE----- iD8DBQFIWTYs86n/Gc8U/uARAn3FAKCIkVy8TfwwoKE3pFjMfRMyZN4+SACghKEB Vb2Ngh4ALQrSRsWdWiy/2u4= =IvlU -----END PGP SIGNATURE-----

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. Deterministic Network Enhancer (DNE) Contains an elevation of privilege vulnerability. As a result, local users Windows Arbitrary code may be executed with kernel privileges. Deterministic Networks Provided by Deterministic Network Enhancer (DNE) Is Microsoft Windows This product is an extension of the network stack. DNE Is Cisco VPN Client It is used by multiple products. DNE Driver dne2000.sys Contains an elevation of privilege vulnerability. For details, refer to the information provided by each vendor.Local users Windows Arbitrary code may be executed with kernel privileges. Successful attacks will completely compromise affected computers. DNE 'dne2000.sys' 2.21.7.233 to 3.21.8 are vulnerable; other versions may also be affected. There is a loophole in the implementation of the DNE driver. The vulnerability is reported in dne2000.sys versions 2.21.7.233 to 3.21.7.17464. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: mu-b ORIGINAL ADVISORY: http://www.digit-labs.org/files/exploits/dne2000-call.c ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. Sun Solaris of e1000g The driver has a service disruption (DoS) Vulnerabilities exist.Service disruption by a malicious local user (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to block all inbound network packets on the affected system, resulting in a denial-of-service condition. This issue affects Solaris 10 and OpenSolaris for SPARC and x86 platforms. This can be exploited to block all incoming traffic to the system. SOLUTION: Apply patches. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238250-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. The webserver in multiple Xerox copier/printer models is prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. The following Xerox copier/printer models are affected: Xerox 4110 Xerox 4590 Xerox 4595. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Xerox Copier/Printer Products Web Server Unspecified Script Insertion SECUNIA ADVISORY ID: SA30639 VERIFY ADVISORY: http://secunia.com/advisories/30639/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From local network OPERATING SYSTEM: Xerox 4110 Copier/Printer http://secunia.com/product/19057/ Xerox 4590 Copier/Printer http://secunia.com/product/19056/ Xerox 4595 Copier/Printer http://secunia.com/product/19058/ DESCRIPTION: A vulnerability has been reported in some Xerox Copier/Printer products, which can be exploited by malicious people to conduct script insertion attacks. Certain unspecified input in the Web Server is not properly sanitised before being used. The vulnerability affects the following products: * Xerox 4110 Copier/Printer * Xerox 4590 Copier/Printer * Xerox 4595 Copier/Printer SOLUTION: Apply updates (see vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Louhi Networks. ORIGINAL ADVISORY: XRX08-007: http://www.xerox.com/downloads/usa/en/c/cert_XRX08_007.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------