VARIoT IoT vulnerabilities database

VAR-200508-0159 | CVE-2005-2017 | Symantec AntiVirus Corporate Edition Local Privilege Escalation Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540. Applications or services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resources on the system. This issue may occur in applications or services where the Help function is not called in a secure manner, for example when anti-virus software or a personal firewall runs on the local system with administrator privileges and has an interface to "communicate" with the user. ISIHARA Takanori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. A user may gain unauthorized access to resources on the system. Symantec AntiVirus Corporate Edition is susceptible to a local privilege escalation vulnerability. This issue is due to a failure of the application to properly lower the privileges of the running process when required.
Due to the nature of the affected application, it executes with SYSTEM privileges. When a local user opens the HTML help browser from the affected application, it is executed with the same elevated privileges as the calling application.
This vulnerability allows local attackers to access and execute arbitrary files with SYSTEM privileges, facilitating the compromise of the local computer.
More information can be found at the following location:
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=155
II.
Exploitation can occur when a user chooses the right click "Scan for
viruses" option. The Symantec scan file interface allows the user to
launch a help window through the use of a toolbar icon. If the user
then right clicks the help window title bar they can choose the "Jump
to URL" menu option, which will then allow them to browse the local
file system and execute files as the SYSTEM user.
This vulnerability is a re-appearance of an old bug formerly found in
the Symantec 7.x series virus scan product.
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00357.html
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00379.html
III.
IV. This is a re-appearance of an old bug that was
reportedly fixed in versions 7.5.1 Build 62 and later, and version
7.6.1 Build 35a.
V. WORKAROUND
iDEFENSE is currently unaware of any workaround for this issue.
VI. VENDOR RESPONSE
"Symantec engineers have verified this issue and corrected it in
Maintenance Release (MR) 3 and all subsequent MRs and upgrades for
Symantec AntiVirus Corporate Edition and Symantec Client Security."
A vendor advisory for this issue is available at the following URL:
http://www.symantec.com/avcenter/security/Content/2005.08.24.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-2017 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
06/15/2005 Initial vendor notification
06/15/2005 Initial vendor response
08/29/2005 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events
http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information
VAR-200508-0121 | CVE-2005-2594 | Apple Safari Web Browser Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs certain JavaScript operations.
The exact cause of this issue is currently unknown. This BID will be updated as further information is disclosed.
This vulnerability allows remote attackers to crash affected Web browsers by causing an invalid memory access exception.
Safari version 1.3 is reported susceptible to this issue. Other versions may also be affected. Safari is the default web browser on Mac OS X.
VAR-200508-0211 | CVE-2005-2487 | McDATA E/OS Remote Denial Of Service Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm. McDATA Sphereon 4300, and 4500 Fabric Switches, Intrepid 6064, and 6140 Director Switches are susceptible to a remote denial of service vulnerability when running E/OS versions prior to 6.0.0. This issue is due to the affected devices failing to properly handle network broadcast storms.
Hosts utilizing the SAN for storage may lose all access to the attached storage.
This vulnerability allows attackers to simultaneously deny storage service to potentially numerous servers connected to a SAN.
Versions of E/OS prior to 6.0.0 are affected by this vulnerability. The unspecified vulnerability affects the Sun McData switches and directors 4300, 4500, 6064 and 6140 running E/OS versions before 6.0.0.
----------------------------------------------------------------------
Are you interested in a new job in IT security?
Secunia has two open positions as Junior and Senior Specialist in IT
Security:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
McDATA Switches / Directors Network Broadcast Storm Denial of Service
SECUNIA ADVISORY ID:
SA16295
VERIFY ADVISORY:
http://secunia.com/advisories/16295/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
OPERATING SYSTEM:
McDATA Sphereon 4300 Fabric Switch
http://secunia.com/product/5484/
McDATA Intrepid 6140 Director
http://secunia.com/product/5485/
McDATA Intrepid 6064 Director
http://secunia.com/product/5486/
McDATA Sphereon 4500 Fabric Switch
http://secunia.com/product/5483/
DESCRIPTION:
A vulnerability has been reported in McDATA Switches and Directors,
which can be exploited by malicious people to cause a DoS (Denial of
Service). This can lead to multiple path failures and loss
of host access to the array.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
Sun Microsystems:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101833-1
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200508-0264 | CVE-2005-2434 | Linksys WRT54G Wireless Router Default SSL Certificate and Private Key Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
This constant certificate/key pair is always used to access the device.
This can allow an attacker to obtain the certificate/key pair and carry out various attacks.
A complete compromise of the device is possible. Linksys WRT54G is a wireless router device that combines several functions.
----------------------------------------------------------------------
TITLE:
Linksys WRT54G Router Common SSL Private Key Disclosure
SECUNIA ADVISORY ID:
SA16271
VERIFY ADVISORY:
http://secunia.com/advisories/16271/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM:
Linksys WRT54G Wireless-G Broadband Router
http://secunia.com/product/3523/
DESCRIPTION:
Nick Simicich has reported a security issue in WRT54G, which
potentially can be exploited by malicious people to gain knowledge of
certain sensitive information. A user with knowledge with the
private key can potentially decrypt router management traffic
captured from the network.
PROVIDED AND/OR DISCOVERED BY:
Nick Simicich
----------------------------------------------------------------------
VAR-200508-0320 | CVE-2005-2451 |
Cisco IOS vulnerable to DoS or arbitrary code execution via specially crafted IPv6 packet
Related entries in the VARIoT exploits database: VAR-E-200507-0340 |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
A successful attack may allow the attacker to execute arbitrary code and gain unauthorized access to the device. The attacker can also leverage this issue to cause an affected device to reload, denying service to legitimate users.
Cisco has stated that exploits of this vulnerability in Cisco IOS XR may cause the IPv6 neighbor discovery process to restart. If exploited repeatedly, this could result in a prolonged denial of service affecting IPv6 traffic traveling through the device.
National Cyber Alert System
Technical Cyber Security Alert TA05-210A
Cisco IOS IPv6 Vulnerability
Original release date: July 29, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Cisco IOS devices with IPv6 enabled
For specific information, please see the Cisco Advisory.
I. US-CERT has not confirmed further technical details.
According to the Cisco Advisory, this vulnerability could be exploited
by an attacker on the same IP subnet:
Crafted packets from the local segment received on logical
interfaces (that is, tunnels including 6to4 tunnels) as well as
physical interfaces can trigger this vulnerability. Crafted packets
can not traverse a 6to4 tunnel and attack a box across the tunnel.
The crafted packet must be sent from a local network segment to
trigger the attack. This vulnerability can not be exploited one or
more hops from the IOS device.
US-CERT strongly recommends that sites running Cisco IOS devices
review the Cisco Advisory and upgrade as appropriate. We are tracking
this vulnerability as VU#930892.
II. The attacker may be able to take control of a vulnerable
device.
III. Solutions
Upgrade
Upgrade to a fixed version of IOS. Please see the Software Versions
and Fixes section of the Cisco Advisory for details. Disabling IPv6 on
a router which supports it must be done by issuing the commands
"no ipv6 enable" and "no ipv6 address" on each interface.
Appendix A. Vendor Information
Cisco Systems, Inc.
Cisco Systems, Inc. has released a security advisory regarding a
vulnerability which was disclosed on July 27, 2005 at the Black Hat
security conference. Security advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml
For up-to-date information on security vulnerabilities in Cisco
Systems, Inc. products, visit http://www.cisco.com/go/psirt.
Appendix B. References
* US-CERT Vulnerability Note VU#930892 -
<http://www.kb.cert.org/vuls/id/930892>
* Cisco Security Advisory: IPv6 Crafted Packet Vulnerability -
<http://www.cisco.com/en/US/products/products_security_advisory09186a00804d82c9.shtml>
_________________________________________________________________
Information regarding this vulnerability was primarily provided by
Cisco Systems, who in turn acknowledge the disclosure of this
vulnerability at the Black Hat USA 2005 Briefings.
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Send mail to
<cert@cert.org> with "TA05-210A feedback VU#930892" in the subject.
_________________________________________________________________
The most recent version of this document is available at:
<http://www.us-cert.gov/cas/techalerts/TA05-210A.html>
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
_________________________________________________________________
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
July 29, 2005: Initial release
----------------------------------------------------------------------
TITLE:
Cisco IOS IPv6 Packet Handling Vulnerability
SECUNIA ADVISORY ID:
SA16272
VERIFY ADVISORY:
http://secunia.com/advisories/16272/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From local network
OPERATING SYSTEM:
Cisco IOS R12.x
http://secunia.com/product/50/
Cisco IOS 12.x
http://secunia.com/product/182/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be exploited
by malicious people to cause a DoS (Denial of Service) or potentially
compromise a vulnerable network device.
SOLUTION:
The vendor has issued updated versions (see patch matrix in vendor
advisory).
----------------------------------------------------------------------
VAR-200507-0278 | CVE-2005-2374 | Belkin 54g wireless routers Administrator password vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. The Belkin 54G Wireless Router is prone to a remote security vulnerability. The Belkin 54g is a broadband wireless router produced by Belkin Corporation of the United States.
VAR-200508-0254 | CVE-2005-2424 | Siemens Santis 50 Wireless Router Web Interface Denial of Service Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze. The Siemens Santis 50 wireless router is a wi-fi (802.11b) ADSL router for home and small business networks.
Siemens Santis 50 provides a web management interface and a classic telnet CLI for management purposes. These services are only available through the local network by default, but can also be activated through the WAN interface. Siemens Santis 50 Wireless router Web interface is affected by a remote denial of service vulnerability. The attacker can also erase the FLASH contents.
Information obtained may be used in further attacks against the vulnerable device or the network it operates on.
This issue may also affect the Ericsson HN294dp and Dynalink RTA300W routers. Both devices are believed to use the same hardware as the Siemens Santis 50 Wireless router; this has not been confirmed by Symantec.
----------------------------------------------------------------------
TITLE:
Siemens Santis 50 Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA16215
VERIFY ADVISORY:
http://secunia.com/advisories/16215/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From local network
OPERATING SYSTEM:
Siemens Santis 50
http://secunia.com/product/5440/
DESCRIPTION:
Luca Carettoni has reported a vulnerability in Siemens Santis 50,
which can be exploited by malicious people to bypass certain security
restrictions. This can reportedly be exploited to
view configuration information and potentially erase the device's
flash memory.
The vulnerability has been reported in firmware version 4.2.8.0.
Other versions may also be affected.
SOLUTION:
Restrict access to the device.
PROVIDED AND/OR DISCOVERED BY:
Luca Carettoni, Secure Network.
----------------------------------------------------------------------
VAR-200508-0235 | CVE-2005-2419 | ECI Telecom B-FOCuS Router 312+ Unauthorized Access Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg.
An attacker can disclose the administrator password through the Web interface of the device.
This can lead to a complete compromise of the router. The B-FOCuS Router 312+ provides users with a reliable and secure ADSL2+ connection. By default, the management interface of the ECI router is available via HTTP and is protected by a login screen, but an attacker can easily bypass the login screen by visiting the firmwarecfg page in the unprotected cgi-bin directory and download the router's current settings, including plaintext connection and management passwords.
----------------------------------------------------------------------
TITLE:
ECI B-FOCuS Router firmwarecfg Missing Access Control Restrictions
SECUNIA ADVISORY ID:
SA16205
VERIFY ADVISORY:
http://secunia.com/advisories/16205/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From local network
OPERATING SYSTEM:
B-FOCuS Router 312+
http://secunia.com/product/5436/
DESCRIPTION:
D.is.evil has reported a security issue in B-FOCuS Router 312+, which
can be exploited by malicious people to bypass certain security
restrictions.
The problem is caused due to the lack of access controls on the
"/cgi-bin/firmwarecfg" page of the router's web management interface.
This can reportedly be exploited to retrieve sensitive information
such as the current router settings, connection and management
passwords, or to cause a DoS by resetting the router constantly.
PROVIDED AND/OR DISCOVERED BY:
D.is.evil
----------------------------------------------------------------------
VAR-200507-0117 | CVE-2005-2196 | Apple AirPort WEP key Security restriction bypass vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.
This can lead to various attacks against the affected computer.
This issue does not affect AirPort Extreme. Apple AirPort is a Wi-Fi base station product of Apple. The product supports streaming music and wireless printing. A security restriction bypass vulnerability exists in Apple AirPort.
VAR-200507-0116 | CVE-2005-2195 | Apple Darwin Streaming Server Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502. Darwin Streaming Server is prone to a denial-of-service vulnerability.
----------------------------------------------------------------------
TITLE:
Apple Darwin Streaming Server Web Admin Denial of Service
SECUNIA ADVISORY ID:
SA16056
VERIFY ADVISORY:
http://secunia.com/advisories/16056/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Darwin Streaming Server 5.x
http://secunia.com/product/3085/
DESCRIPTION:
Sowhat has reported a vulnerability in Darwin Streaming Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an error in the web-based admin
interface when handling HTTP requests containing MS-DOS device names
with ".cgi" extension appended (e.g. AUX.cgi).
Successful exploitation causes the service to stop responding.
The vulnerability has been reported in versions 5.5 and prior for
Windows.
SOLUTION:
Update to version 5.5.1.
PROVIDED AND/OR DISCOVERED BY:
Sowhat
ORIGINAL ADVISORY:
http://secway.org/Advisory/AD20050713.txt
----------------------------------------------------------------------
VAR-200507-0149 | CVE-2005-2279 | Cisco ONS 15216 OADM telnet Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data. The Cisco ONS 15216 OADM has separate data planes, one that exists solely for device management, and the other that exists for data transport purposes.
When the vulnerability is triggered, the Telnet service will no longer respond to subsequent legitimate requests. However, the data plane (Network traffic that is being switched and transmitted by the device.) is not affected by this attack.
This vulnerability exists in Cisco ONS 15216 OADM devices running software release 2.2.2 and earlier. Cisco ONS is an optical network platform developed by Cisco.
VAR-200507-0150 | CVE-2005-2280 | Cisco Security Agent malformed IP packet denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet. CSA has a vulnerability in handling malformed IP packets. A remote attacker can exploit this vulnerability to perform a denial of service attack on the device, and repeated attacks can lead to a continued denial of service. This issue may be triggered by a maliciously crafted IP packet. This vulnerability affects only CSA 4.5 on Windows operating systems other than Windows XP. A denial of service vulnerability exists in CSA 4.5.
VAR-200507-0192 | CVE-2005-2242 | Cisco CallManager Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). The CallManager CTI Manager service is susceptible to a remote denial of service vulnerability.
This issue is documented in Cisco bug CSCee00116, which is available to Cisco customers.
This issue may be exploited to cause the affected application to restart, denying service to legitimate users.
This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Denial of service vulnerabilities exist in multiple versions of CCM (3.2 and earlier, 3.3 earlier than 3.3(5), 4.0 earlier than 4.0(2a)SR2b, and 4.1 earlier than 4.1(3)SR1).
VAR-200507-0193 | CVE-2005-2243 | Cisco CallManager inetinfo.exe Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.
This issue is documented in Cisco bug CSCef47060, which is available to Cisco customers.
Attackers may exploit this vulnerability by repeatedly attempting, and failing, to log into the affected service. It is reported that as much as 750 megabytes of memory may be consumed, resulting in a severe reduction in performance, possibly denying service to legitimate users.
This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. inetinfo.exe in multiple versions of CCM (3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1) has a memory leak, which may result in a denial of service.
VAR-200507-0194 | CVE-2005-2244 | Cisco CallManager aupair.exe Buffer overflow vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. The CallManager aupair service is susceptible to an unspecified remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.
This issue is documented in Cisco bug CSCsa75554, which is available to Cisco customers.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in crashing the affected process, denying service to legitimate users.
This issue was originally documented in BID 14227. Cisco CallManager (CCM) is the call-processing component of Cisco's Unified Communications solution.
VAR-200507-0195 | CVE-2005-2245 | F5 BIG-IP Unknown vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. F5 BIG-IP is susceptible to an unspecified SSL authentication bypass vulnerability.
It is conjectured that if the BIG-IP is configured to authenticate by utilizing certificate-based authentication, attackers may be able to bypass the requested authentication checks. This allows remote attackers to gain access to protected Web sites. Depending on the nature of the protected Web sites, various further attacks may also be possible.
Further details are not currently available. This BID will be updated as more information is disclosed.
Versions of BIG-IP from 9.0.2 through 9.1 are affected. F5 BIG-IP is an all-in-one network appliance from F5 Networks that combines traffic management, application security management, load balancing and related functions.
TITLE:
BIG-IP Unspecified SSL Authentication Security Bypass
SECUNIA ADVISORY ID:
SA16008
VERIFY ADVISORY:
http://secunia.com/advisories/16008/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
OPERATING SYSTEM:
BIG-IP 9.x
http://secunia.com/product/3158/
DESCRIPTION:
A vulnerability has been reported in BIG-IP, which potentially can be
exploited by malicious people to bypass certain security
restrictions.
SOLUTION:
The vendor has issued a security update for versions 9.0.4, 9.0.5,
and 9.1.
ftp://ftp.f5.com/Domestic/bigip/bigip9x-hotfix-CR49528/
As a workaround, the vendor recommends temporarily disabling NATIVE
ciphers on any clientssl or serverssl profiles that require or
request authentication. This may result in a loss of SSL performance.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
F5 Networks:
http://tech.f5.com/home/bigip-next/solutions/security/sol4944.html
VAR-200507-0191 | CVE-2005-2241 | Cisco CallManager RISDC Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe.
This issue is documented in Cisco bug CSCed37403, which is available to Cisco customers.
If attackers repeatedly create and then drop TCP connections to the vulnerable service, excessive memory resources will be consumed, potentially leading to further connections being refused.
This issue was originally documented in BID 14227. Cisco CallManager (CCM) is the call-processing component of Cisco's Unified Communications solution. A denial of service vulnerability exists in multiple versions of CCM (3.2 and prior, 3.3 prior to 3.3(5), 4.0 prior to 4.0(2a)SR2b, and 4.1 prior to 4.1(3)SR1).
VAR-200507-0210 | CVE-2005-2313 | Check Point SecuRemote NG Privilege escalation vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials and gain privileges via unknown attack vectors. Check Point SecuRemote NG is affected by a local information disclosure vulnerability. This issue may allow an attacker to disclose authentication credentials used to access the VPN application.
An attacker could use the information gathered through the exploitation of this vulnerability to gain access to, or carry out other attacks against, an affected computer or the network protected by the VPN. SecuRemote NG is Check Point's firewall and VPN system.
VAR-200507-0086 | CVE-2005-2181 | Cisco 7940/7960 VoIP Message spoofing vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. The Cisco 7940/7960 are prone to a remote security vulnerability. The Cisco 7940/7960 are Cisco IP phones. A remote spoofing vulnerability exists in Cisco 7940/7960 Voice over IP (VoIP) phones. This allows remote attackers to spoof e.g
VAR-200507-0076 | CVE-2005-2169 | Quick&Dirty source.php Directory traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences. Quick & Dirty PHPSource Printer is prone to a directory traversal vulnerability.
TITLE:
Quick & Dirty PHPSource Printer Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA15900
VERIFY ADVISORY:
http://secunia.com/advisories/15900/
CRITICAL:
Moderately critical
IMPACT:
Exposure of system information, Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Quick & Dirty PHPSource Printer 1.x
http://secunia.com/product/5323/
DESCRIPTION:
Seth Alan Woolley has discovered a vulnerability in Quick & Dirty
PHPSource Printer, which can be exploited by malicious people to gain
knowledge of sensitive information.
Input passed to the "file" parameter in "source.php" is not properly
sanitised before being used.
The vulnerability has been confirmed in version 1.0. Other versions
may also be affected.
SOLUTION:
The vendor has released version 1.1, which does not properly fix the
vulnerability.
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
Seth Alan Woolley