VARIoT IoT vulnerabilities database

VAR-200701-0632 | No CVE | Mini Web Server Unspecified Multiple Buffer Overflow Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Mini Web Server is prone to multiple buffer-overflow vulnerabilities.
A successful exploit may lead to remote arbitrary code execution with the privileges of the server application, facilitating a remote compromise of affected computers.
Mini Web Server 0.04 and prior versions are vulnerable to these issues.
VAR-200701-0404 | CVE-2007-0471 | Check Point Connectra NGX Vulnerabilities that bypass security requirements |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. Multiple Check Point products are prone to a security-bypass vulnerability.
An attacker can exploit this issue to access cookie data and then use it to bypass certain security restrictions. This issue may potentially allow an attacker to gain unauthorized access to the affected application. Check Point Connectra is a web security gateway that provides SSL VPN access and integrates endpoint security and application security within a unified solution. There are weaknesses in how Connectra processes endpoint access authentication. One of Connectra's main functions is its comprehensive endpoint security service: before a client connects to the internal network, Connectra tests the client to check whether the computer poses a security risk. If a risk is detected, the user is presented with details of the risk and is asked to run the test again before logging on to the network. After the user submits the request, the server sends a Set-Cookie header to the client.
----------------------------------------------------------------------
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.
Try it out online:
http://secunia.com/software_inspector/
----------------------------------------------------------------------
TITLE:
Check Point Products ICS Security Bypass
SECUNIA ADVISORY ID:
SA23847
VERIFY ADVISORY:
http://secunia.com/advisories/23847/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From remote
OPERATING SYSTEM:
Check Point Connectra Appliances
http://secunia.com/product/13352/
SOFTWARE:
http://secunia.com/product//
Check Point VPN-1 Power NGX
http://secunia.com/product/13348/
http://secunia.com/product//
Check Point VPN-1 UTM NG AI
http://secunia.com/product/13350/
Check Point VPN-1 Power NG AI
http://secunia.com/product/13351/
Check Point VPN-1 UTM NGX
http://secunia.com/product/13346/
DESCRIPTION:
Roni Bachar and Nir Goldshlager have reported a vulnerability in
Check Point products, which can be exploited by malicious people to
bypass certain security restrictions.
The problem is that /sre/params.php in ICS (Integrity Clientless
Security) does not properly validate the data being sent to it. This
can be exploited to receive a cookie, which can be used to bypass
certain checks before being allowed to log in to the network, by
sending a POST request with a valid report to the /sre/params.php
page.
Successful exploitation requires that the ICS feature is enabled.
The vulnerability affects the following products and versions:
* Connectra NGX R62
* Connectra NGX R61
* Connectra NGX R60
* Connectra 2.0
* VPN-1 Power/UTM (Pro/Express) NGX R62
* VPN-1 Power/UTM (Pro/Express) NGX R61
* VPN-1 Power/UTM (Pro/Express) NGX R60
* VPN-1 Power/UTM (Pro/Express) NG AI R55W
* VPN-1 Power/UTM (Pro/Express) NG AI R55
SOLUTION:
Apply hotfix.
Connectra:
http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html
VPN-1:
http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/index.html
PROVIDED AND/OR DISCOVERED BY:
Roni Bachar and Nir Goldshlager, Avnet
ORIGINAL ADVISORY:
Check Point:
https://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472
Full-Disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200701-0395 | CVE-2007-0462 | Mac OS X of Quicktime Such as _GetSrcBits32ARGB Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files.
Successfully exploiting this issue allows remote attackers to corrupt memory and crash the affected software. Attackers may also be able to execute arbitrary machine code, but this has not been confirmed.
Mac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4. QuickDraw is a graphics processing tool bundled in the Apple operating system. A memory corruption vulnerability exists in QuickDraw when parsing PICT graphics with malformed ARGB records. A remote attacker may exploit this vulnerability to cause the application to crash. If the user is tricked into opening a malicious graphics file, the vulnerability is triggered and the pointer passed to the _GetSrcBits32ARGB() function is corrupted, resulting in a denial of service.
The vulnerability is caused due to an error in Apple QuickDraw and
can be exploited to cause the application using the QuickDraw
routines to crash, when a specially crafted PICT image is processed.
The vulnerability is reported in Mac OS X 10.4.8 (x86). Other
versions may also be affected.
SOLUTION:
Do not open or use PICT images from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
LMH
ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-23-01-2007.html
VAR-200701-0215 | CVE-2007-0435 | T-Com Speedport 500V Vulnerability bypassing authentication in routers |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
Exploiting this issue allows attackers to gain unauthorized access to the device's administration interface. This can result in the compromise of the device and may facilitate attacks against computers connected to the device.
T-Com Speed 500V with Firmware version 1.31 is vulnerable; other versions may also be affected. The Speedport 500V is a broadband router widely sold by German ADSL providers. When it authenticates the password a user enters, the Speedport only sets a cookie with the content LOGINKEY=TECOM, which is hard-coded and cannot be changed. An attacker who can create this cookie can bypass password authentication by calling the configuration HTML pages directly, obtain unauthorized access, and change system configuration, such as disabling the firewall. Although an attacker cannot change the system password without knowing the old password, it is possible to reset the password to the default via a firmware upgrade and gain full system access.
TITLE:
T-Com Speedport Authentication Bypass
SECUNIA ADVISORY ID:
SA23853
VERIFY ADVISORY:
http://secunia.com/advisories/23853/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From local network
OPERATING SYSTEM:
T-Com Speedport 500V 1.x
http://secunia.com/product/13294/
DESCRIPTION:
Virginity has reported a vulnerability in T-Com Speedport, which can
be exploited by malicious people to bypass certain security
restrictions.
SOLUTION:
Use the device only in trusted networks. via a
firewall).
PROVIDED AND/OR DISCOVERED BY:
Virginity
VAR-200701-0210 | CVE-2007-0430 | Apple Mac OS X of shared_region_map_file_np Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. Mac OS X is prone to a denial-of-service vulnerability.
The vulnerability is caused due to an error in the
"shared_region_map_file_np()" syscall and can cause the system to
become unresponsive by providing a high "mapping_count" value. Other
versions may also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
Adriano Lima
ORIGINAL ADVISORY:
http://risesecurity.org/advisory.php?id=RISE-2007001.txt
VAR-200701-0599 | No CVE | WzdFTPD Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WzdFTPD is an FTP server that runs on Linux, Win32, FreeBSD and OpenBSD. WzdFTPD mishandles malformed user requests, so a remote attacker can cause a denial of service by sending a specially crafted FTP command. The 'wzdftpd' program is prone to multiple remote denial-of-service vulnerabilities.
Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users.
These issues reportedly affect versions prior to 0.8.1.
VAR-200701-0211 | CVE-2007-0431 | AVM FRITZ!Box VoIP Remote Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060). FRITZ!Box is prone to a remote denial-of-service vulnerability.
A remote attacker can exploit this issue to crash the VoIP-telephony service, effectively denying service to legitimate users.
TITLE:
Fritz!Box UDP Packet SIP Denial of Service
SECUNIA ADVISORY ID:
SA23868
VERIFY ADVISORY:
http://secunia.com/advisories/23868/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
AVM Fritz!Box 7050
http://secunia.com/product/13298/
DESCRIPTION:
Matthias Wenzel has reported a vulnerability in AVM Fritz!Box 7050,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an error within the handling of
certain UDP packets.
SOLUTION:
Use another device.
PROVIDED AND/OR DISCOVERED BY:
Matthias Wenzel
ORIGINAL ADVISORY:
http://mazzoo.de/blog/2007/01/18#FritzBox_DoS
VAR-200701-0087 | CVE-2007-0367 | Rumpus Vulnerability in |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. Rumpus Ftp Server is prone to a local security vulnerability.
TITLE:
Rumpus Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA23842
VERIFY ADVISORY:
http://secunia.com/advisories/23842/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation, DoS, System access
WHERE:
From remote
SOFTWARE:
Rumpus 5.x
http://secunia.com/product/11982/
DESCRIPTION:
LMH and KF have reported some vulnerabilities in Rumpus, which can be
exploited by malicious, local users to gain escalated privileges and
potentially by malicious users to compromise a vulnerable system.
1) The application invokes "ipfw" without an absolute path and has
the setuid bit set. This can be exploited to gain "root" privileges
by placing a specially crafted "ipfw" binary in the path.
2) Boundary errors within the FTP service can be exploited to cause
heap-based buffer overflows and can potentially be exploited to
execute arbitrary code via specially crafted packets.
Successful exploitation requires a valid user account.
The vulnerabilities are reported in version 5.1. Other versions may
also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
LMH and KF
ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-18-01-2007.html
VAR-200701-0086 | CVE-2007-0366 | Rumpus Vulnerability gained in |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. Rumpus Ftp Server is prone to a local security vulnerability.
TITLE:
Rumpus Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA23842
VERIFY ADVISORY:
http://secunia.com/advisories/23842/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation, DoS, System access
WHERE:
From remote
SOFTWARE:
Rumpus 5.x
http://secunia.com/product/11982/
DESCRIPTION:
LMH and KF have reported some vulnerabilities in Rumpus, which can be
exploited by malicious, local users to gain escalated privileges and
potentially by malicious users to compromise a vulnerable system.
1) The application invokes "ipfw" without an absolute path and has
the setuid bit set. This can be exploited to gain "root" privileges
by placing a specially crafted "ipfw" binary in the path.
2) Boundary errors within the FTP service can be exploited to cause
heap-based buffer overflows and can potentially be exploited to
execute arbitrary code via specially crafted packets.
Successful exploitation requires a valid user account.
The vulnerabilities are reported in version 5.1. Other versions may
also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
LMH and KF
ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-18-01-2007.html
VAR-200701-0398 | CVE-2007-0465 | Apple Mac OS X Installer format string vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. Apple Installer is the application responsible for installing Mac OS X software packages.
TITLE:
Ubuntu update for krb5
SECUNIA ADVISORY ID:
SA23772
VERIFY ADVISORY:
http://secunia.com/advisories/23772/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
DESCRIPTION:
Ubuntu has issued an update for krb5. This fixes a vulnerability,
which can potentially be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
For more information:
SA23696
SOLUTION:
Apply updated packages.
Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.2.diff.gz
Size/MD5: 1447550 546659a7ce8758c26c33d0241adb992d
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.2.dsc
Size/MD5: 848 ed669b2e38c5b3b6701401b99bbdb3cb
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz
Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.2_all.deb
Size/MD5: 852734 748a61c88e96abcc2fd922acdafbd56c
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 79686 a56316c071cbdae9f33b10166e204340
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 222738 173b8846edc4d84b0880b293ebd819f8
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 59876 11c96393564f5422e884cda60671688d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 134570 c2fa98268d5c486988eae91040441720
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 84774 7dc407371c107d79c69ffe054f702ba7
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 67044 4a01011a78cf0c299df6b36384c0950b
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 129430 2acabc3bcb9323fa28a69e306694a1ec
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 190294 a4044fce177ca61f9b24ff9515443e5f
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 768212 bba4e4f35f90a58177f14d35d9fccf1e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_amd64.deb
Size/MD5: 425220 e16e7b2709af4fb8a88a0819cdfc1a40
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 71660 d38e87ecea34868e1dac394b9047c382
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 186752 12424ad58c808a4867f0db0d014a34ec
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 53844 3aa5f6a9ae2cb49659a0577ea972d0af
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 121068 9a1fcd42b91849f0a4ce3c1614c3dbb9
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 75438 9b264a66dff08d0206370a43058687d1
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 58204 6e89a58b9d435c6e1422537a18da2dc1
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 118528 82f62332c5bae9177ce1f356b824279e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 165130 0968da19d0bdac05e716825ba045f5e5
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 646560 89ccbd05cda4887245d7d5c5cd77d383
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_i386.deb
Size/MD5: 380650 8a8e6bebd4955809ef62a27cc7eb8918
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 79712 119d48198050bd5e24c711c895770bf0
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 220080 3025e485a43fd6a67c6d7716f1efad63
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 59084 97104b0dcfc3a4dacd5c1334766c488b
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 135552 b1c5a4334633412e8c64d808b4a30280
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 84632 b7a70d1cb0513523911248231bbcca82
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 65420 9300e4d62e4dedad6ac85647fe157ee2
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 134396 f07964b5364af26ac18bc4c37ff71e3f
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 177082 8488709500858a66f07183a193a249e7
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 751382 96e57442a0caa1e574f0581327fc9e1a
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_powerpc.deb
Size/MD5: 395444 b672282f98601ebe9340f251d7e2dd46
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 72292 ed56430a6017fe52fd34e8724ff5892d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 196928 2dff67f37591eede7be792c836028920
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 55818 1de2f224962fd6e7f9a5a642995a2fb6
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 123914 871a22e98608033db8dbc3e85d18e430
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 76454 c8f134cee518c209e4f068d59e7bc90e
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 61752 e15353f761ff1b052ff790c3b22d9f03
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 120102 a72b86d5911ebf7d90454e20a5d3d6a7
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 164630 2ba7eb220cee2ef90c433520dc22bd1d
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 677878 53436fc167794aa6c7e4538156b279e4
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_sparc.deb
Size/MD5: 368236 8cfe1fb1b04f054211103b96bd85d4d0
Updated packages for Ubuntu 6.10:
ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-408-1
OTHER REFERENCES:
SA23696:
http://secunia.com/advisories/23696/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200701-0177 | CVE-2007-0397 | CS-MARS Vulnerabilities that generate inaccurate information |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
This issue is tracked by Cisco Bug IDs CSCsf95930 and CSCsg78595. Cisco CS-MARS can receive event logs from various network devices, correlate and analyze the received security problem data, and report findings; ASDM can provide management and monitoring services for various Cisco security devices, and provide firewall services for Cisco switches and routers module. Cisco CS-MARS and ASDM have vulnerabilities in the implementation of communication authentication with managed devices. Because the certificate and public key provided by the device are not verified, if the certificate or public key changes, the affected product cannot determine whether the device it communicates with is legitimate, or whether the device is pretending to be a legitimate device.
----------------------------------------------------------------------
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor. This can be exploited
to conduct spoofing attacks and possibly gain knowledge of sensitive
information.
SOLUTION:
Update to the latest version.
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Jan Bervar, NIL Data Communications.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml
VAR-200701-0092 | CVE-2007-0372 | Francisco Burzi PHP-Nuke In SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. Francisco Burzi PHP-Nuke contains SQL injection vulnerabilities. A third party may execute SQL commands via the active parameter in admin/modules/modules.php and the parameters of modules/Advertising/admin/index.php listed above. PHP-Nuke is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
PHP-Nuke 7.9 is vulnerable to these issues; other versions may also be affected.
VAR-200701-0078 | CVE-2007-0358 | HP Jetdirect of FTP Service disruption in server implementation (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors. HP Jetdirect is prone to an unspecified denial-of-service vulnerability.
An attacker can exploit this issue on an affected computer to cause a denial-of-service condition.
HP Jetdirect firmware versions from x.20.00 to x.24.00 are vulnerable to this issue. HP JetDirect is a printer with integrated network functions developed by Hewlett-Packard Company. There is an input validation vulnerability in the way the FTP server implemented by HP JetDirect processes user requests.
VAR-200701-0514 | CVE-2007-0019 |
Rumpus of rumpusd Heap-based buffer overflow vulnerability
Related entries in the VARIoT exploits database: VAR-E-200701-0113 |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. Rumpus is prone to multiple vulnerabilities, including multiple remote heap-overflow issues, denial-of-service issues, and local privilege-escalation issues. The remote issues affect the FTP and HTTP components of the server.
Since Rumpus runs with superuser privileges, a successful attack may facilitate the complete compromise of affected computers.
Rumpus 5.1 and prior versions are vulnerable to these issues.
TITLE:
Rumpus Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA23842
VERIFY ADVISORY:
http://secunia.com/advisories/23842/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation, DoS, System access
WHERE:
From remote
SOFTWARE:
Rumpus 5.x
http://secunia.com/product/11982/
DESCRIPTION:
LMH and KF have reported some vulnerabilities in Rumpus, which can be
exploited by malicious, local users to gain escalated privileges and
potentially by malicious users to compromise a vulnerable system.
1) The application invokes "ipfw" without an absolute path and has
the setuid bit set. This can be exploited to gain "root" privileges
by placing a specially crafted "ipfw" binary in the path.
Successful exploitation requires a valid user account.
The vulnerabilities are reported in version 5.1. Other versions may
also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
LMH and KF
ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-18-01-2007.html
VAR-200701-0053 | CVE-2007-0345 | Mac OS X of Activity Monitor.app/Contents/Resources/pmTool Etc. root Privileged vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. Mac OS X is prone to a local security vulnerability.
VAR-200701-0156 | CVE-2007-0299 | Apple Mac OS X UserNotificationCenter privilege escalation vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Mac OS X is prone to a denial-of-service vulnerability. This triggers an invalid null pointer dereference.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA24198
VERIFY ADVISORY:
http://secunia.com/advisories/24198/
CRITICAL:
Highly critical
IMPACT:
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A boundary error exists in Finder, which can be exploited by
malicious people to cause a buffer overflow by tricking a user to
mount a malicious disk image.
2) A null-pointer dereference error in iChat Bonjour can be exploited
by malicious people to cause the application to crash.
3) A format string error in the handling of AIM URLs in iChat can be
exploited by malicious people to possibly execute arbitrary code.
Successful exploitation requires that a user is tricked into
accessing a specially crafted AIM URL.
For more information:
SA23846
SOLUTION:
Apply Security Update 2007-002:
Security Update 2007-002 (10.4.8 Universal):
http://www.apple.com/support/downloads/securityupdate2007002universal.html
Security Update 2007-002 (10.4.8 PPC):
http://www.apple.com/support/downloads/securityupdate2007002ppc.html
Security Update 2007-002 (10.3.9 Panther):
http://www.apple.com/support/downloads/securityupdate2007002panther.html
PROVIDED AND/OR DISCOVERED BY:
1) Kevin Finisterre, DigitalMunition
3) LMH
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305102
OTHER REFERENCES:
MOAB:
1) http://projects.info-pull.com/moab/MOAB-09-01-2007.html
3) http://projects.info-pull.com/moab/MOAB-20-01-2007.html
SA23846:
http://secunia.com/advisories/23846/
SA23945:
http://secunia.com/advisories/23945/
VAR-200701-0075 | CVE-2007-0355 | Apple Mac OS X SLP Daemon Service Registration Local Buffer Overflow Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
Successful exploits may cause arbitrary code to run with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.
Apple Mac OS X 10.4.8 is reported vulnerable; other versions may be affected as well. A local unprivileged user can trigger this vulnerability by submitting malicious requests, resulting in arbitrary command execution.
The vulnerability is caused due to a boundary error within the SLP
daemon ("slpd") when processing the "attr-list" field of a
registration request. Other versions may also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
Disable the service.
PROVIDED AND/OR DISCOVERED BY:
KF
ORIGINAL ADVISORY:
http://projects.info-pull.com/moab/MOAB-17-01-2007.html
Attackers could exploit these vulnerabilities to execute
arbitrary code, gain access to sensitive information, or cause a
denial of service.
I. Further
details are available in the US-CERT Vulnerability Notes Database. These products include Samba
and X11.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
and denial of service.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. References
* US-CERT Vulnerability Notes for Apple Security Update 2008-001 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_001>
* About the security content of Mac OS X 10.5.2 and Security Update 2008-001 -
<http://docs.info.apple.com/article.html?artnum=307430>
* About the Mac OS X 10.5.2 Update -
<http://docs.info.apple.com/article.html?artnum=307109>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Apple - Support - Downloads -
<http://www.apple.com/support/downloads/>
* X.org Foundation Security Advisories -
<http://www.x.org/wiki/Development/Security>
* Samba Security Releases -
<http://www.samba.org/samba/history/security.html>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-043B.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
February 12, 2008: Initial release
VAR-200701-0042 | CVE-2007-0334 | Ingate Firewall Such as SIP Vulnerability to execute replay attack on authentication mechanism in module |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. Ingate Firewall and SIParator are prone to an unspecified authentication-replay vulnerability.
Very few details regarding this issue are available at this time. This BID will be updated as more information becomes available.
Versions prior to 4.5.1 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices.
TITLE:
Ingate Firewall and SIParator Replay Attack Vulnerability
SECUNIA ADVISORY ID:
SA23737
VERIFY ADVISORY:
http://secunia.com/advisories/23737/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From remote
OPERATING SYSTEM:
Ingate Firewall 4.x
http://secunia.com/product/4050/
Ingate SIParator 4.x
http://secunia.com/product/5687/
DESCRIPTION:
A vulnerability has been reported in Ingate Firewall and SIParator,
which can be exploited by malicious people to bypass certain security
restrictions.
SOLUTION:
Update to version 4.5.1.
http://www.ingate.com/upgrades.php
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.ingate.com/relnote-451.php
VAR-200701-0038 | CVE-2007-0330 | Ipswitch WS_FTP 2007 Professional of wsftpurl.exe Vulnerable to buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. Ipswitch WS_FTP 2007 Professional is prone to a local memory-corruption vulnerability. This issue occurs when the 'wsbho2k0.dll' library fails to handle specially crafted arguments.
Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users.
Ipswitch WS_FTP 2007 Professional is vulnerable to this issue; other versions may also be affected. A buffer overflow vulnerability exists in Ipswitch WS_FTP 2007 Professional's wsbho2k0.dll when used by wsftpurl.exe.
VAR-200701-0041 | CVE-2007-0333 | Agnitum Outpost Firewall PRO Vulnerable to Trojan horse driver insertion into the product installation directory |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT (System Service Descriptor Table) hooking on files in its installation directory.
A local attacker can exploit this issue to elevate their privileges, which can lead to the complete compromise of an affected computer.
Outpost Firewall PRO 4.0 is vulnerable; other versions may also be affected. Outpost Firewall Pro is a compact network firewall product whose features include advertisement and image filtering, content filtering, and DNS caching. Outpost uses various SSDT hooks to protect files and directories in its installation directory, but this protection does not prevent malicious applications from calling the native API ZwSetInformationFile with the FileLinkInformation class, which allows attackers to replace files that the system is not currently using. A vulnerable file in the Outpost installation directory is SandBox.sys. An attacker can replace this driver with a fake copy, and the system will load the driver on the next reboot. Since the driver runs in privileged kernel mode, this can result in complete system control.