VARIoT IoT vulnerabilities database

Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information

Ipswitch IMail Server is a mail server bundled in the Ipswitch collaboration component. A buffer overflow vulnerability exists in the IMail server processing parameters of the SEARCH command request. A remote attacker could exploit this vulnerability to control the server. The IMail server has a stack buffer overflow problem when dealing with multiple options of the SEARCH command (BEFORE, ON, SINCE, SENTBEFORE, SENTON, SENTSINCE). The remote attacker can trigger an overflow by submitting a malformed SEARCH request, resulting in arbitrary instructions. Ipswitch IMail Server and Collaboration Suite (ICS) are prone to multiple buffer-overflow vulnerabilities because these applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Attackers may exploit these issues to execute arbitrary code in the context of the affected applications. Failed exploit attempts will likely result in denial-of-service conditions. These versions are reported vulnerable to these issues: Ipswitch Collaboration Suite (ICS) 2006 IMail Premium 2006.2 and 2006.21 Other versions may also be affected. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. This can be exploited to cause stack-based buffer overflows via overly long, quoted or unquoted arguments passed to the command. Successful exploitation allows execution of arbitrary code. Other versions may also be affected. SOLUTION: Grant only trusted users access to the IMAP service. PROVIDED AND/OR DISCOVERED BY: Independently discovered by: * Secunia Research * ZhenHan Liu, Ph4nt0m Security Team. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Atheros Provided by the company Microsoft Windows The wireless network driver for is vulnerable to the frame handling part. Crafted 802.11 Sending a management frame causes a buffer overflow, resulting in service disruption ( DoS ) You may be attacked. 802.11b, 802.11g, 802.11n Management frames in are not encrypted and do not require authentication to be sent. further, WEP And WPA It has been found that even if wireless communication encryption such as is affected by this vulnerability. Linux And UNIX Used in NDISWrapper And using vulnerable drivers with similar technologies may also be affected.  The driver did not adequately check for malformed management frames, and a remote attacker could trigger an overflow by sending a specially constructed 802.11 management frame that requires no authentication or encryption. Atheros drivers are also used by OEM (Original Equipment Manufacturer) wireless adapters. This issue is reported to affect drivers for the Windows operating system. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. SOLUTION: The vendor has reportedly issued firmware updates (versions 5.3.0.35 and 6.0.3.67 and later) to OEMs. PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT. ORIGINAL ADVISORY: US-CERT VU#730169: http://www.kb.cert.org/vuls/id/730169 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use. platon of phpwebfilemanager Exists in unspecified vulnerabilities.None

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. Hitachi uCosminexus is an application server system.  There is a vulnerability in Hitachi uCosminexus's session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data.  Details of the vulnerability are currently unknown. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Hitachi Products Cosminexus Component Container Improper Session Data Handling SECUNIA ADVISORY ID: SA26250 VERIFY ADVISORY: http://secunia.com/advisories/26250/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: >From local network SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ uCosminexus Service Platform http://secunia.com/product/13823/ uCosminexus Developer http://secunia.com/product/13820/ uCosminexus Service Architect http://secunia.com/product/13821/ Cosminexus 6.x http://secunia.com/product/5795/ DESCRIPTION: A security issue has been reported in Hitachi products, which potentially can be exploited by malicious users to gain knowledge of sensitive information or bypass certain security restrictions. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software.  There is a vulnerability in the implementation of Hitachi JP1 / Cm2 / Hierarchical Viewer. A remote attacker may use this vulnerability to cause a denial of service.  HV generates an error when processing malformed data, which makes the HV web interface unavailable. Attackers can exploit this issue to cause denial-of-service conditions. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Please see the vendor's advisory for a list of affected versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-021_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. Apple Safari is prone to a weakness that may result in the execution of potentially malicious Java applets. This issue results from a design error. This weakness arises because the application fails to properly check a security setting. Versions prior to Safari 3.0.3 Beta and Safari 3.0.3 Beta for Windows are vulnerable to this issue. Safari is the WEB browser bundled with the Apple family operating system by default. Safari provides an option to enable Java preferences

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.". ISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks. This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.2_p1" Note: In order to utilize the query port randomization to mitigate the weakness, you need to make sure that your network setup allows the DNS server to use random source ports for query and that you have not set a fixed query port via the "query-source port" directive in the BIND configuration. Corrected: 2008-07-12 10:07:33 UTC (RELENG_6, 6.3-STABLE) 2008-07-13 18:42:38 UTC (RELENG_6_3, 6.3-RELEASE-p3) 2008-07-13 18:42:38 UTC (RELENG_7, 7.0-STABLE) 2008-07-13 18:42:38 UTC (RELENG_7_0, 7.0-RELEASE-p3) CVE Name: CVE-2008-1447 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS requests contain a query id which is used to match a DNS request with the response and to make it harder for anybody but the DNS server which received the request to send a valid response. Problem Description The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization. This allows the attacker to influence or control the results of DNS queries being returned to users from target systems. Workaround Limiting the group of machines that can do recursive queries on the DNS server will make it more difficult, but not impossible, for this vulnerability to be exploited. To limit the machines able to perform recursive queries, add an ACL in named.conf and limit recursion like the following: acl example-acl { 192.0.2.0/24; }; options { recursion yes; allow-recursion { example-acl; }; }; V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE or 7-STABLE, or to the RELENG_7_0 or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3 and 7.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 6.3] # fetch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch # fetch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch.asc [FreeBSD 7.0] # fetch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch # fetch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/bind # make obj && make depend && make && make install # cd /usr/src/usr.sbin/named # make obj && make depend && make && make install NOTE WELL: This update causes BIND to choose a new, random UDP port for each new query; this may cause problems for some network configurations, particularly if firewall(s) block incoming UDP packets on particular ports. The avoid-v4-udp-ports and avoid-v6-udp-ports options should be used to avoid selecting random port numbers within a blocked range. NOTE WELL: If a port number is specified via the query-source or query-source-v6 options to BIND, randomized port selection will not be used. Consequently it is strongly recommended that these options not be used to specify fixed port numbers. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/bind9/bin/named/client.c 1.1.1.2.2.5 src/contrib/bind9/bin/named/server.c 1.1.1.2.2.4 src/contrib/bind9/lib/dns/api 1.1.1.2.2.5 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.4 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.3 src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.8 RELENG_6_3 src/UPDATING 1.416.2.37.2.8 src/sys/conf/newvers.sh 1.69.2.15.2.7 src/contrib/bind9/bin/named/client.c 1.1.1.2.2.3.2.1 src/contrib/bind9/bin/named/server.c 1.1.1.2.2.2.2.1 src/contrib/bind9/lib/dns/api 1.1.1.2.2.3.2.1 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.2.2.1 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.1.2.1 src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.6.2.1 RELENG_7 src/contrib/bind9/bin/named/client.c 1.1.1.6.2.2 src/contrib/bind9/bin/named/server.c 1.1.1.6.2.2 src/contrib/bind9/lib/dns/api 1.1.1.6.2.2 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.2 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.2 src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.2 RELENG_7_0 src/UPDATING 1.507.2.3.2.7 src/sys/conf/newvers.sh 1.72.2.5.2.7 src/contrib/bind9/bin/named/client.c 1.1.1.6.2.1.2.1 src/contrib/bind9/bin/named/server.c 1.1.1.6.2.1.2.1 src/contrib/bind9/lib/dns/api 1.1.1.6.2.1.2.1 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.1.2.1 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.1.2.1 src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.1.2.1 - ------------------------------------------------------------------------- VII. The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. Because the Debian refpolicy packages are not yet designed with policy module upgradeability in mind, and because SELinux-enabled Debian systems often have some degree of site-specific policy customization, it is difficult to assure that the new bind policy can be successfully upgraded. To this end, the package upgrade will not abort if the bind policy update fails. The new policy module can be found at /usr/share/selinux/refpolicy-targeted/bind.pp after installation. Administrators wishing to use the bind service policy can reconcile any policy incompatibilities and install the upgrade manually thereafter. A more detailed discussion of the corrective procedure may be found here: http://wiki.debian.org/SELinux/Issues/BindPortRandomization For the stable distribution (etch), this problem has been fixed in version 0.0.20061018-5.1+etch1. The unstable distribution (sid) is not affected, as subsequent refpolicy releases have incorporated an analogous change. We recommend that you upgrade your refpolicy packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018.orig.tar.gz Size/MD5 checksum: 571487 1bb326ee1b8aea1fa93c3bd86a3007ee http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.diff.gz Size/MD5 checksum: 53515 bd171f0cfa9adc59d451d176fb32c913 http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.dsc Size/MD5 checksum: 859 52bc8ea0cab864e990e9dacc4db3b678 Architecture independent packages: http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-strict_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 1541610 626c93fc13beaa01ff151d9103a7860b http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 289230 b082a861eda93f9bc06dd2e2f03ba89d http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 1288314 c00ed4f0ea4ddbb8dd945c24c710c788 http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-src_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 595490 841f616c8f08b22ed7077c21c1065026 http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-dev_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 418666 bee3f41fe8771b7b88693937814494a3 These files will probably be moved into the stable distribution on its next update. RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The BIND v9.2.0 updates are available for download from: ftp://ss080058:ss080058@hprc.external.hp.com HP-UX Release - B.11.11 running v9.2.0 BIND Depot name - BIND920v11.tape.depot MD5 Sum - 3b1df46244cb82789498034c31e9c7ef HP-UX Release - B.11.23 running v9.2.0 BIND Depot name - PHNE_37865.depot MD5 Sum - 090356b6c94d9ad3559ae0cf6a7cce6c The BIND v9.3.2 updates are available for download from http://software.hp.com . HP-UX Release - B.11.11 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent HP-UX Release - B.11.23 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent HP-UX Release - B.11.31 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent MANUAL ACTIONS: Yes - NonUpdate For B.11.11 running v9.2.0 install BIND920v11.tape.depot For B.11.23 running v9.2.0 install PHNE_37865.depot PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. In IP NAT filtering in Sun Solaris 10 and OpenSolaris series products, when a DNS server runs NAT, it incorrectly changes the original address of the data packet. When the destination address is a DNS port, it will allow remote attackers to bypass CVE-2008 -1447 security protection. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: dnsmasq: Denial of Service and DNS spoofing Date: September 04, 2008 Bugs: #231282, #232523 ID: 200809-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Two vulnerabilities in dnsmasq might allow for a Denial of Service or spoofing of DNS replies. Background ========== Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. * Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350). lead to the redirection of web or mail traffic to malicious sites. Workaround ========== There is no known workaround at this time. Resolution ========== All dnsmasq users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.45" References ========== [ 1 ] CVE-2008-3350 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350 [ 2 ] CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200809-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-622-1 July 08, 2008 bind9 vulnerability CVE-2008-1447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.5 Ubuntu 7.04: libdns22 1:9.3.4-2ubuntu2.3 Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2 Ubuntu 8.04 LTS: libdns35 1:9.4.2-10ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5.diff.gz Size/MD5: 104296 a0aed8a7f9c1a914d9047876547c67d4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5.dsc Size/MD5: 803 795915bcbaf3e0c97f5ca1b541fecbe1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2.orig.tar.gz Size/MD5: 5302112 55e709501a7780233c36e25ccd15ece2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.2-2ubuntu1.5_all.deb Size/MD5: 180736 0ca869db29381743a0aa2acd480c0d36 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 112040 52e0eb5609ddf50411d43f388a04f917 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 311534 80e47bf514a33cad401524d7f43e044b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 184862 d09db412eb19271ecb2cf742a1816b05 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 1130056 50d2a84568a66d6ddf47e95b411fad29 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 92116 c71b74708301acf6a6ecbf608fab5d56 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 557278 63dc3e1e6488e6cff0059d1f3e490682 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 190576 c611f958e1393704d0ba84ed707839b1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 93250 f2005aeb8667d262326bf59d82c69ba1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 109046 4ecb1dbb245b01bddac47ea50e84acfd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 111524 a75c2314434af46dd79be91ba0dba036 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 219944 74b47bf188a3e82200ae564162d61a73 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 108882 b5967775be7b3115c62a4d7f9508b525 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 289854 1873ac12a760a4e14e5b88399658f905 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 175542 ea79ad2e1f210a7e107c90f5770bc806 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 997094 bb0cb2822c28a8e455bf1a928c6d0ef7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 91336 7bd20507d22e86691fb648d12795fc95 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 482908 d20a97bb56024597c1d158ec69b41c14 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 172564 108d61d18f73a8c51913fb1c84260af9 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 90784 3850d2c7f69c31c2d1d013fb862b587d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 102422 6951c7cdfd7a801b249e33648213d6a4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 107234 3d8606e265875294b7e150884be8cee7 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 203328 eb566ef1e4b485523f33271a001b56f9 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 110524 1efa8d84b535e465623561c1f678a89c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 303594 9066c6e199c0598b7acd70b561506148 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 181654 c4b4fd9157adf5e449d5df01aef1e7d0 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 1204474 5d029c34854c4fca6b704fce98a74851 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 93418 bb908cbdb8c8028ad2af232f354a0008 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 516882 f8437dfca292d7d1d8b93c6aba2ae73a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 182374 368127ca61e8e8e5bceb49870cd2bd70 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 93604 4e42b14ee385a7c44ee8c1f728cabff7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 106410 f2db82079a9d85e5acb19e39eb2ced31 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 111058 06126f085691f8a2c8358e47f0a2d8d7 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 207816 45a904a0518de2feccc9678f83e4d5ec sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 110620 d5fdd4a4e6e4ea89c4e518f66acecbd1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 301372 e67bc7a6970f534ee5faac384801c895 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 180950 61dfdf0427c07fe2ab35901a64508b5a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 1116008 8be769301060285de28ad3e568dfd647 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 91674 629c0a0296adcdd7f52547eace987c39 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 511130 8c5a1778a9efd974dded9ca0f8225bdd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 181286 40c07c235b00a44aac6bbc28795c2c07 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 91184 8a2e4f0670f934d831c8cd1b40a3fa7a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 103900 80107ec78e4a006784b3a117c05ee1e6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 106762 8951b01a7b2f97aad4a93210d50850da http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 211124 2978354d73f6a9bf7dcd3c96b919eec0 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3.diff.gz Size/MD5: 285716 085d15195d25e9ad690d374e9adaecb0 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3.dsc Size/MD5: 888 9bde4140f2f312c3b4071990f21f5075 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4.orig.tar.gz Size/MD5: 4043577 198181d47c58a0a9c0265862cd5557b0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.4-2ubuntu2.3_all.deb Size/MD5: 187788 25ad7fff219ac84a553e40a6c7af840c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 118810 baf5548fa89037279840b4158cf9c4eb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 322984 08a1b75f9a77c618f2e36b0534e1a7be http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 194018 bf92cede850d5f189c8895fdce8141f8 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 1123068 35f889b48402c1bb56c58d2b0f61dbbf http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 96684 98747d65d02a685db5256e417a54870b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 568742 d25c28c00bfc48ec52c18a3f5df8339a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 191858 067227f2f582db56911dbf3236e4aea2 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 97646 ef6f169da9562b22237e6c7a3edbafda http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 112594 cf9a0a5c4a940b4ba2d169c9c081dd9f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 116228 98dd0e9dcf07d0e49f0c4341e775bcf4 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 228496 31efc89af88b933b901d67c61b194ba6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 115168 6797a4d80f8a4196c8a948ad33bc39fe http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 303544 26dd7cd0aaf4712609a619846302ba21 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 184442 7cb775d8fe3051b3ccda2327d1c3083b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 1018542 c0fdcbb4acc613859ce6ab4781762ff7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 95774 5ddb6803f82c9117056a0a5de59aa5d6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 497640 5d71a76c2185fb7631c07ea415037302 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 175420 a07afa38758a587ed0998b5f78629b3b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 96014 bc47e546be9c1fd6a19e9d8d8366ed3d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 108214 686dd4ad9fb4413b7778786d667428e2 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 112700 86c736ba2fae3f194498d5f3f6de7306 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 213620 00fa556825d7defaa4fc45cad2138b02 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 118214 4081aec0d3d622fbc05dc097cf102e4f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 324724 09c0e4862ed9691c2527f755683a8b8c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 194978 b5f813766584254fd824e72baeffc96b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 1169812 34192103d6041b6f50e7dd6551a6dbf1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 98074 06572e8c43b6eeeeba3352ba3b94ce65 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 511582 21cc7a4347b3bb863a7151ad5cf73bd1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 183468 5844029a87c42bc54a547acaff985442 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 98738 2eed8603e4ba78e0b07e4e21df59e93d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 112116 a8f232fa8d8ab6429c57827ca1af13bc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 115894 193a734032dcdbb289fbddb68cb350b5 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 218796 cdc6ccf2614a684ecff0f63f9f96dfe1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 117664 48cc134e0194e3d732e79ca699f8406b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 315270 7bc67be9266eaddfc64138c6c01483bc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 191400 bc4b1922d10028421b14b69bf9d76bb7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 1141834 af414f9bcf9c42d1e52fe8b2069fc83d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 96070 43a9988edc73a9b4fd2ad6e98338a8fc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 513792 55b3d92618f678690e91956b131fa330 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 180638 b24a1a0d2d50b9d2fcba45971d23a7a4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 96248 425e3657f29e865c91be421484089106 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 109716 cddb416bc557fb9cdebc6372312c4350 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 113516 a102110917b6ec739fa2035e1f65e4a6 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 220226 b855b98a0ebde055930e560feec2a3c0 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2.diff.gz Size/MD5: 300771 40cda1f019e548208ef85f9dad5dfeec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2.dsc Size/MD5: 1001 e1318d3386a5d798b700b6d8ed108146 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1.orig.tar.gz Size/MD5: 4987098 683293e3acc85e30f5ca4bba8a096303 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.4.1-P1-3ubuntu2_all.deb Size/MD5: 233584 955901705316670276f41c633020a274 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 46106 8d04ee50411a1d62391209b8ccab5dfd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 278364 1f2de92494c8a7b5e93a53c75cffbb44 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 117148 927ff60a9de441ef3b1a86337c8756a1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 1162042 2d7d3e28b6e8422abc7cdfc41f046c73 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 26006 be5c5f455a5507b9e14b8678dac0f6bb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 552146 97272ff611d594b7346086268e4765ae http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 130934 4135eb09ffb1df2611dc809a682c74df http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 23180 a6afe8f12bf054deca547c2f72d55a66 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 42424 96a32f1fa3f81841fe7085bb01247f6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 41990 c90cb0cac5341fb94c7c959983350dd9 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 167296 61645dfcde5c7543d150d829ed113b0d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 42116 2701dd72510ac551881624a6931069ec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 254750 1300e37afb8268b112ab1718e998d443 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 106990 717db0ad88486bd34c79120f00e02551 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 1040234 db9099b5ac165aaaf6220317d054df8c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 24768 7b5c03984b957dafa6b4bcd981c5af9f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 470404 6a7d265fd0aba23035df443e8b78269b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 113492 685a3b04a9581c29466b67fef742674d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 21570 23a9a67e65a5e2f8dfb836aba5b0ece5 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 36630 cbfc768cbeceb42d104f41307f720688 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 38268 8d71f0b2df12a449fa7c3fd7613ff682 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 150304 f9c7b0ee3d4891b06ef4271c62c292d4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 41828 101a835923e507c0eea60ff08663b1a9 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 250104 87f9678cd733aacc482b1cd7705a820d http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 105740 c5035426f0bf196ad4f34d320e9126a5 http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 1025798 47551ddfeb321fd6ff69805bd3c72cf7 http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 24354 9c8a3f39052994adeb0e1277eb9c96d6 http://ports.ubuntu.com/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 449848 d70baaa8ab74b607cc20ac8befd935b3 http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 108538 e64e03f6db0678366f5ed7931bbb7bd8 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 20936 c735ba0c832279b708b38dd995f90eea http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 35840 6e09afe7daabc2722145eae0ccf64ebb http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 36964 7cf9822533618d4eeaaaaca191081a10 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 146046 3e90eb9276c3c9cd29722b58b44825d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 45228 6f58fdfb1a9464505b63d6ee10bfb499 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 279194 7fb180ca0c0fb2197b6cabcb9e5b87c1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 117336 4a6d45d30c6dfd9b7525e9efeb7cc390 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 1209208 c23a85c019b655f9044207a98c9eb472 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 27166 92bd4c64f9914f63fc59973bc0e73d6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 485638 3c3bff7bcd7df84170d9f45855785f46 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 121410 6eb18c5fee8ef25bfaab05b53a6776d1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 24308 94df6003c7e061d9a1e1cbcc1ed1133d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 41128 a78b1e2958a2cda0347824e2d9eb7815 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 41354 d826c2e80c70c92c54c407fa6458a2d0 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 156660 24840c4483eb81fccfd483843c03fc21 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 44760 ff76458f2f3bc437f975710f0f44350f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 267886 15ae5b64e2d7f0a84610dca3265f36fe http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 114014 18755ede3d638c17c7292bbc0d0b331c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 1180276 a906d2e8f9b40766735895725112fe04 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 25350 e9e7f9b9c5fc4b6bcaad7e36b7a12c21 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 492286 e367b633343c1841f48eeec01f08e494 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 117916 bee4cf76d903bf902a025ea2362cf5ec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 21900 0807caba04fee218b416288eae034b93 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 38438 e11c657acb477041666dd3cccd8bfebc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 39244 da7d911f9a2f97fd6e895736489c22ac http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 156818 cada78841afbf1e0caf13f75eadaba51 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1.diff.gz Size/MD5: 243611 da5389b9c001fc8105edd135c086b13d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1.dsc Size/MD5: 998 2588a42ba49dd2702130d159c1f68d6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2.orig.tar.gz Size/MD5: 5021880 0aa73c66c206de3da10029bf5f195347 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.4.2-10ubuntu0.1_all.deb Size/MD5: 239534 7469deb007e19439a8f5df6a53ecd485 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 47052 24ce8ff319d3a45dc8c572df3bc47ef6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 282744 5d77a9de6d4267405c6c969792a42243 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 116814 2adb81fed8e7d93cfde2ab01f1050d2e http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 1188376 36c0b944f5e23f76ba587e756e7c4bdb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 27208 be7b3257b0eb9014f033b4ead73bb7a7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 550042 268c59c90f72e47690a2f64fccc296c6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 138186 5f08619b4b4198fb6176f4d914e74b54 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 24666 f584f72af33412695ab6cfb81c891ee4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 44570 f63b6e57da24654d0ffc243936a5a153 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 42802 4542b6bea7110e1cbf557346fc5536ad http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 171006 c96cfef97c3950ab59b80a7b1d3aa868 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 44692 62a8e406937a5be466977c5b47f9a659 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 267508 da18e50b8467dbd7730640a09c52d188 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 110460 480313c340c47e5d6f5167c11161daa7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 1065190 6fe78d85bdae7a9970c769dd2d1ebdcf http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 27254 2ba88324a0225ccab2b826dcc2f0f202 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 493370 5916fe8f22b1a19d0dde5f9e9596353f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 125982 26501d011be6c34b7874b19ceabd0148 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 22852 13693beb84952c55cf78f4275c39aba7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 38258 34107c4916cb13ac651d16706e9d9b9a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 40058 443bc171d30e2f262bb8ce2e3bfe885e http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 159118 b31758442a36011d79dde9c485fca1da lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 45254 659ea8656a46bc1265f0bf3049ffc511 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 267536 13c20e925a9a9ae1353b63fde5ce8555 http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 111858 ce4c215e0dfc3a4c1e53b431264becf7 http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 1068570 9680708be2a7840be99f2894234757bf http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 27248 f0a51f7ebaeb86afa2f466c1e4b1b4c0 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 488706 325b144544a6dfd1917210c9a02ec423 http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 122606 316c7a93002a350fa04f7956483c6efe http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 22522 66d3aaa993507238b341578bb534a0aa http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 37670 b58cc5a2d27f02cac5b954cf4cb1cec5 http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 39810 6a5c7b4e2a52a61258d86618f3a27106 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 158506 b2064557c74e536b96d77a707068c933 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 49064 77fb0a3b0c381e9f4cf561240f801e99 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 297108 927db70c3f13cb7642f8e9dfe9d2e378 http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 124214 fb0b53b2b7f5fd750c3ee3785038efea http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 1271364 32f252c1f510f5d0f5f2860a75fccf8b http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 29764 2111df6f219f9e4a421329209eee6489 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 529240 e66e625de5160092f4ac4b9b505bd3ae http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 137960 e581851a0e71ada301415c006e5697d9 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 26412 12e5213a39740e05cdf4ed87dbfd055e http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 43508 b8aab766d691b13f0df8796252bfe7a5 http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 44292 78170e54852c2e28718dd26c72148165 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 171502 0c747e830656e34d4cd5b84f8ee38551 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 46786 2f07cd43ef71146ec839172a9318eb22 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 281936 b97f8461fb12702ffde3b1536e11531c http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 116124 cf6ec9328492c928d5d8064f09d5bcda http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 1178958 f21fed7bb01a12a74061b3cf03000b54 http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 26652 b650866c75829e84f35592fff5d6c950 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 500058 d99f74a53d5b2b6167eae4bd9f56d3ed http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 127824 c93136898c8ce5f8ac90ba46daacc015 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 22688 e69b52b3505b614f95836502f06bd1ac http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 38792 3167cb62f05d65b3971cc90f1093cd6a http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 38984 92a1a25f10ed41b0bd3a25699e5d76ff http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 169952 3656ebd36bb152e7e18c984f0d8a31fe . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-190B Multiple DNS implementations vulnerable to cache poisoning Original release date: July 08, 2008 Last revised: -- Source: US-CERT Systems Affected Systems implementing: * Caching DNS resolvers * DNS stub resolvers Affected systems include both client and server systems, and any other networked systems that include this functionality. Effective attack techniques against these vulnerabilities have been demonstrated. I. Description DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. Examples of these vulnerabilities can be found in Vulnerability Note VU#800113. Recent research into these and other related vulnerabilities has produced extremely effective exploitation methods to achieve cache poisoning. Tools and techniques have been developed that can reliably poison a domain of the attacker's choosing on most current implementations. As a result, the consensus of DNS software implementers is to implement source port randomization in their resolvers as a mitigation. US-CERT is tracking this issue as VU#800113. This reference number corresponds to CVE-2008-1447. II. Impact An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control. III. Solution Apply a patch from your vendor Patches have been released by a number of vendors to implement source port randomization in the nameserver. This change significantly reduces the practicality of cache poisoning attacks. Please see the Systems Affected section of Vulnerability Note VU#800113 for additional details for specific vendors. As mentioned above, stub resolvers are also vulnerable to these attacks. Stub resolvers that will issue queries in response to attacker behavior, and may receive packets from an attacker, should be patched. System administrators should be alert for patches to client operating systems that implement port randomization in the stub resolver. Workarounds Restrict access Administrators, particularly those who are unable to apply a patch, can limit exposure to this vulnerability by restricting sources that can ask for recursion. Note that restricting access will still allow attackers with access to authorized hosts to exploit this vulnerability. Filter traffic at network perimeters Because the ability to spoof IP addresses is necessary to conduct these attacks, administrators should take care to filter spoofed addresses at the network perimeter. IETF Request for Comments (RFC) documents RFC 2827, RFC 3704, and RFC 3013 describe best current practices (BCPs) for implementing this defense. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate. Run a local DNS cache In lieu of strong port randomization characteristics in a stub resolver, administrators can protect their systems by using local caching full-service resolvers, both on the client systems and on servers that are topologically close on the network to the client systems. This should be done in conjunction with the network segmentation and filtering strategies mentioned above. Disable recursion Disable recursion on any nameserver responding to DNS requests made by untrusted systems. Implement source port randomization Vendors that implement DNS software are encouraged to review IETF Internet Draft, "Measures for making DNS more resilient against forged answers," for additional information about implementing mitigations in their products. This document is a work in progress and may change prior to its publication as an RFC, if it is approved. IV. References * US-CERT Vulnerability Note VU#800113 - <http://www.kb.cert.org/vuls/id/800113> * US-CERT Vulnerability Note VU#484649 - <http://www.kb.cert.org/vuls/id/484649> * US-CERT Vulnerability Note VU#252735 - <http://www.kb.cert.org/vuls/id/252735> * US-CERT Vulnerability Note VU#927905 - <http://www.kb.cert.org/vuls/id/927905> * US-CERT Vulnerability Note VU#457875 - <http://www.kb.cert.org/vuls/id/457875> * Internet Draft: Measures for making DNS more resilient against forged answers - <http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience> * RFC 3833 - <http://tools.ietf.org/html/rfc3833> * RFC 2827 - <http://tools.ietf.org/html/rfc2827> * RFC 3704 - <http://tools.ietf.org/html/rfc3704> * RFC 3013 - <http://tools.ietf.org/html/rfc3013> * Microsoft Security Bulletin MS08-037 - <http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx> * Internet Systems Consortium BIND Vulnerabilities - <http://www.isc.org/sw/bind/bind-security.php> ____________________________________________________________________ US-CERT thanks Dan Kaminsky of IOActive and Paul Vixie of Internet Systems Consortium (ISC) for notifying us about this problem and for helping us to construct this advisory. ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-190B.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-190B Feedback VU#800113" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Description =========== == Several vulnerabilities in safe level == Multiple errors in the implementation of safe level restrictions can be exploited to call "untrace_var()", perform syslog operations, and modify "$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels 1 through 3. (These vulnerabilities were reported by Keita Yamaguchi.) == DoS vulnerability in WEBrick == An error exists in the usage of regular expressions in "WEBrick::HTTPUtils.split_header_value()". This can be exploited to consume large amounts of CPU via a specially crafted HTTP request. (This vulnerability was reported by Christian Neukirchen.) == Lack of taintness check in dl == An error in "DL" can be exploited to bypass security restrictions and call potentially dangerous functions. (This vulnerability was reported by Tanaka Akira.) Affected packages: Pardus 2008: ruby, all before 1.8.7_p72-16-4 ruby-mode, all before 1.8.7_p72-16-4 Pardus 2007: ruby, all before 1.8.7_p72-16-13 ruby-mode, all before 1.8.7_p72-16-4 Resolution ========== There are update(s) for ruby, ruby-mode. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up ruby ruby-mode Pardus 2007: pisi up ruby ruby-mode References ========== * http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 * http://secunia.com/advisories/31430/ ------------------------------------------------------------------------ -- Pınar Yanardağ http://pinguar.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01503743 Version: 1 HPSBST02350 SSRT080102 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040 NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-07-14 Last Updated: 2008-07-14 Potential Security Impact: Please check the table below Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. References: MS08-037 (CVE-2008-1447, CVE-2008-1454), MS08-038 (CVE-2008-1435), MS08-039 (CVE-2008-2247, CVE-2008-2248), MS08-040 (CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107). SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Storage Management Appliance v2.1 Software running on: Storage Management Appliance I Storage Management Appliance II Storage Management Appliance III BACKGROUND CVSS 2.0 Base Metrics =============================================== Reference Base Vector Base Score -- Not Applicable -- =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. Patches released by Microsoft after MS06-051 are covered by monthly Security Bulletins. For the full archived list of Microsoft security updates applicable for Storage Management Appliance software v2.1, please refer to the following Security Bulletins available on the IT Resource Center (ITRC) Web site: http://www.itrc.hp.com/service/cki/secBullArchive.do For patches released by Microsoft in 2003, MS03-001 to MS03-051 refer to Security Bulletin HPSBST02146 For patches released by Microsoft in 2004, MS04-001 to MS04-045 refer to Security Bulletin HPSBST02147 For patches released by Microsoft in 2005, MS05-001 to MS05-055 refer to Security Bulletin HPSBST02148 For patches released by Microsoft in 2006, MS06-001 to MS06-051 refer to Security Bulletin HPSBST02140 The Microsoft patch index archive and further details about all Microsoft patches can be found on the following Web site: http://www.microsoft.com/technet/security/bulletin/summary.mspx NOTE: The SMA must have all pertinent SMA Service Packs applied Windows 2000 Update Rollup 1 Customers are advised to download and install the Windows 2000 Update Rollup 1 for Service Pack 4 on SMA v2.1. For more information please refer to the Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management Appliance v2.1 advisory at the following website: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667 Windows 2000 Update Rollup 1 for SP4 does not include security updates released after April 30, 2005 starting from MS05-026. It also does not include patches MS04-003 and MS04-028. Please install these patches in addition to Windows 2000 Update Rollup 1 for SP4, if they have not been installed already RESOLUTION HP strongly recommends the immediate installation of all security patches that apply to third party software which is integrated with SMA software products supplied by HP, and that patches are applied in accordance with an appropriate patch management policy. NOTE: Patch installation instructions are shown at the end of this table. ------------------------------------------------- MS Patch - MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230) Analysis - Patch will run successfully. Action - For SMA v2.1, customers should download patch from Microsoft and install. ------------------------------------------------- MS Patch - MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- Installation Instructions: (if applicable) Download patches to a system other than the SMA Copy the patch to a floppy diskette or to a CD Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA. Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. For more information please refer at the following website: http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c&hash=SYSSXDF&displaylang=en PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) - 14 July 2008 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2008 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBSHuXnuAfOvwtKn1ZEQK1JwCg3stqwQ8mf3LcD2QuflMjMZtKvnYAnjnf TEtj6VDp/qFsIXFzdB/JYKQT =eGwf -----END PGP SIGNATURE----- . At this time, it is not possible to implement the recommended countermeasures in the GNU libc stub resolver. The following workarounds are available: 1. Install a local BIND 9 resoler on the host, possibly in forward-only mode. (Other caching resolvers can be used instead.) 2. Rely on IP address spoofing protection if available. This DSA will be updated when patches for hardening the stub resolver are available. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA26195 VERIFY ADVISORY: http://secunia.com/advisories/26195/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote OPERATING SYSTEM: Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/ Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/ Red Hat Enterprise Linux Desktop Workstation (v. 5 client) http://secunia.com/product/13651/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/ RedHat Enterprise Linux AS 3 http://secunia.com/product/2534/ RedHat Enterprise Linux AS 4 http://secunia.com/product/4669/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux ES 3 http://secunia.com/product/2535/ RedHat Enterprise Linux ES 4 http://secunia.com/product/4668/ RedHat Enterprise Linux WS 3 http://secunia.com/product/2536/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux WS 4 http://secunia.com/product/4670/ RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ DESCRIPTION: Red Hat has issued an update for bind. For more information: SA26152 SOLUTION: Updated packages are available from Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2007-0740.html OTHER REFERENCES: SA26152: http://secunia.com/advisories/26152/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . HP TCP/IP Services for OpenVMS 5.7 ECO5 package is available from the following location: The HP TCP/IP Services for OpenVMS 5.7 ECO5 kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. Customers can access the kits from Patch Management page. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com

Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects versions prior to Aruba Mobility Controller 2.5.4.18 and FIPS prior to 2.4.8.6-FIPS. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. Certain input passed to the login pages is not properly sanitised before being returned to the user. SOLUTION: Update to the latest patched firmware version. http://www.arubanetworks.com/support PROVIDED AND/OR DISCOVERED BY: The vendor credits Adair Collins and Steve Palmer of HostsPlus, and Nobuhiro Tsuji of NTT DATA SECURITY. ORIGINAL ADVISORY: http://www.arubanetworks.com/support/alerts/aid-070907b.asc ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges. There is a buffer overflow vulnerability in the CAM service when processing malformed user requests. Remote attackers may use this vulnerability to control the server. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. Please see the vendor's advisory for more details. CAM (Windows): http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89945 CAM(Netware): http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89943 PROVIDED AND/OR DISCOVERED BY: IBM ISS X-Force ORIGINAL ADVISORY: CA: http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp IBM ISS X-Force: http://www.iss.net/threats/272.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Mitigating Factors: None Severity: CA has given this vulnerability a High risk rating. i.e. CAM versions 1.04, 1.05, 1.06, 1.07, 1.10 (prior to Build 54_4) and 1.11 (prior to Build 54_4). Affected Products: Advantage Data Transport 3.0 BrightStor SAN Manager 11.1, 11.5 BrightStor Portal 11.1 CleverPath OLAP 5.1 CleverPath ECM 3.5 CleverPath Predictive Analysis Server 2.0, 3.0 CleverPath Aion 10.0 eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1 Unicenter Application Performance Monitor 3.0, 3.5 Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1 Unicenter Data Transport Option 2.0 Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2 Unicenter Jasmine 3.0 Unicenter Management for WebSphere MQ 3.5 Unicenter Management for Microsoft Exchange 4.0, 4.1 Unicenter Management for Lotus Notes/Domino 4.0 Unicenter Management for Web Servers 5, 5.0.1 Unicenter NSM 3.0, 3.1 Unicenter NSM Wireless Network Management Option 3.0 Unicenter Remote Control 6.0, 6.0 SP1 Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5 Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1 Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 Unicenter TNG JPN 2.2 Affected Platforms: Windows and NetWare Platforms NOT affected: AIX, AS/400, DG Intel, DG Motorola, DYNIX, HP-UX, IRIX, Linux Intel, Linux s/390, MVS, Open VMS, OS/2, OSF1, Solaris Intel, Solaris Sparc and UnixWare. Status and Recommendation: CA has made patches available for all affected products. These patches are independent of the CA Software that installed CAM. Simply select the patch appropriate to the platform, and the installed version of CAM, and follow the patch application instructions. You should also review the product home pages on SupportConnect for any additional product specific instructions. Solutions for CAM: Platform Solution Windows QO89945 NetWare QO89943 How to determine if you are affected: Determining CAM versions: Simply running camstat will return the version information in the top line of the output on any platform. The camstat command is located in the bin subfolder of the installation directory. The example below indicates that CAM version 1.11 build 27 increment 2 is running. E:\>camstat CAM – machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16 Determining the CAM install directory: Windows: The install location is specified by the %CAI_MSQ% environment variable. Unix/Linux/Mac: The /etc/catngcampath text file holds the CAM install location. Workaround: The affected listening port can be disabled by creating or updating CAM's configuration file, CAM.CFG, with the following entry under the "*CONFIG" section: *CONFIG cas_port=0 The CA Messaging Server must be recycled in order for this to take effect. We advise that products dependent upon CAM should be shutdown prior to recycling CAM. Once dependent products have been shutdown, CAM can be recycled with the following commands: On Windows: camclose cam start On NetWare: load camclose load cam start Once CAM has been restarted, any CAM dependent products that were shutdown can be restarted. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFGpqCHeSWR3+KUGYURAt6DAJ0YpnaiwrNfhhQlvdvL28LYxBYbZgCfRpKQ pNdOPBvd1/BVRF6Lo65uo2o= =7w0f -----END PGP SIGNATURE-----

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. Multiple Computer Associates products are prone to a denial-of-service vulnerability because the applications fail to handle malformed CHM files. Successfully exploiting this issue will cause the affected applications to stop responding, denying service to legitimate users. This issue affects applications that use the 'arclib.dll' library versions prior to 7.3.0.9. The Arclib.DLL library in eTrust products has a security vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities CA Vuln ID (CAID): 35525, 35526 CA Advisory Date: 2007-07-24 Reported By: CVE-2006-5645 - Titon of BastardLabs and Damian Put <pucik at overflow dot pl> working with the iDefense VCP. CVE-2007-3875 - An anonymous researcher working with the iDefense VCP. Sergio Alvarez of n.runs AG also reported these issues. Impact: A remote attacker can cause a denial of service. Summary: CA products that utilize the Arclib library contain two denial of service vulnerabilities. The second vulnerability, CVE-2006-5645, is due to an application hang when processing a specially malformed RAR file. Mitigating Factors: None Severity: CA has given these vulnerabilities a Medium risk rating. Affected Products: CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.0, 7.1, r8, r8.1 CA Anti-Virus 2007 (v8) eTrust EZ Antivirus r7, r6.1 CA Internet Security Suite 2007 (v3) eTrust Internet Security Suite r1, r2 eTrust EZ Armor r1, r2, r3.x CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus Gateway) 7.1 CA Protection Suites r2, r3 CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1, 8.0 CA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol) r8, 8.1 CA Anti-Spyware 2007 Unicenter Network and Systems Management (NSM) r3.0, r3.1, r11, r11.1 BrightStor ARCserve Backup v9.01, r11 for Windows, r11.1, r11.5 BrightStor Enterprise Backup r10.5 BrightStor ARCserve Client agent for Windows eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1 CA Common Services (CCS) r11, r11.1 CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK) Status and Recommendation: CA has provided an update to address the vulnerabilities. The updated Arclib library is provided in automatic content updates with most products. Ensure that the latest content update is installed. In the case where automatic updates are not available, use the following product specific instructions. CA Secure Content Manager 1.1: Apply QO89469. CA Secure Content Manager 8.0: Apply QO87114. Unicenter Network and Systems Management (NSM) r3.0: Apply QO89141. Unicenter Network and Systems Management (NSM) r3.1: Apply QO89139. Unicenter Network and Systems Management (NSM) r11: Apply QO89140. Unicenter Network and Systems Management (NSM) r11.1: Apply QO89138. CA Common Services (CCS) r11: Apply QO89140. CA Common Services (CCS) r11.1: Apply QO89138. CA Anti-Virus Gateway 7.1: Apply QO89381. eTrust Intrusion Detection 2.0 SP1: Apply QO89474. eTrust Intrusion Detection 3.0: Apply QO86925. eTrust Intrusion Detection 3.0 SP1: Apply QO86923. CA Protection Suites r2: Apply updates for CA Anti-Virus 7.1. BrightStor ARCserve Backup and BrightStor ARCserve Client agent for Windows: Manually replace the arclib.dll file with the one provided in the CA Anti-Virus 7.1 fix set. 1. Locate and rename the existing arclib.dll file. 2. Download the CA Anti-Virus 7.1 patch that matches the host operating system. 3. Unpack the patch and place the arclib.dll file in directory where the existing arclib.dll file was found in step 1. 4. Reboot the host. CA Anti-Virus 7.1 (non Windows): T229327 – Solaris – QO86831 T229328 – Netware – QO86832 T229329 – MacPPC – QO86833 T229330 – MacIntel – QO86834 T229331 – Linux390 – QO86835 T229332 – Linux – QO86836 T229333 – HP-UX – QO86837 CA Anti-Virus 7.1 (Windows): T229337 – NT (32 bit) – QO86843 T229338 – NT (AMD64) – QO86846 CA Threat Manager for the Enterprise r8.1 (non Windows): T229334 – Linux – QO86839 T229335 – Mac – QO86828 T229336 – Solaris – QO86829 How to determine if you are affected: For products on Windows: 1. Using Windows Explorer, locate the file “arclib.dll”. By default, the file is located in the “C:\Program Files\CA\SharedComponents\ScanEngine” directory(*). 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is earlier than indicated in the table below, the installation is vulnerable. File Name File Version arclib.dll 7.3.0.9 *For eTrust Intrusion Detection 2.0 the file is located in “Program Files\eTrust\Intrusion Detection\Common”, and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in “Program Files\CA\Intrusion Detection\Common”. For CA Anti-Virus r8.1 on non-Windows: Use the compver utility provided on the CD to determine the version of arclib.dll. The same version information above applies. Workaround: None References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ Security Notice for CA Products Containing Arclib http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot .asp Solution Document Reference APARs: QO89469, QO87114, QO89141, QO89139, QO89140, QO89138, QO89140, QO89138, QO89381, QO89474, QO86925, QO86923, QO86831, QO86832, QO86833, QO86834, QO86835, QO86836, QO86837, QO86843, QO86846, QO86839, QO86828, QO86829 CA Security Advisor posting: CA Products Arclib Library Denial of Service Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847 CA Vuln ID (CAID): 35525, 35526 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35525 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35526 Reported By: CVE-2006-5645 - Titon of BastardLabs and Damian Put <pucik at overflow dot pl> working with the iDefense VCP. CVE-2007-3875 - An anonymous researcher working with the iDefense VCP. Sergio Alvarez of n.runs AG also reported these issues. iDefense advisories: Computer Associates AntiVirus CHM File Handling DoS Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 CVE References: CVE-2006-5645, CVE-2007-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3875 OSVDB References: Pending http://osvdb.org/ Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFGpp9beSWR3+KUGYURAplHAJ4paEd/cX+2AxdBWfnw2zhfjAGQwACfW+mo tCqbonQi4DvtQ9a45c65y70= =o8Ac -----END PGP SIGNATURE----- . BACKGROUND eTrust is an antivirus application developed by Computer Associates. More information can be found on the vendor's website at the following URL. http://www3.ca.com/solutions/product.aspx?ID=156 II. DESCRIPTION Remote exploitation of a denial of Service (DoS) vulnerability in Computer Associates Inc.'s eTrust Antivirus products could allow attackers to create a DoS condition on the affected computer. III. ANALYSIS This denial of service attack will prevent the scanner from scanning other files on disk while it is stuck on the exploit file. The hung process can be quit by the user and does not consume all system resources. IV. DETECTION iDefense has confirmed this vulnerability in eTrust AntiVirus version r8. Previous versions of eTrust Antivirus are suspected vulnerable. Other Computer Associates products, as well as derived products, may also be vulnerable. V. WORKAROUND iDefense is not aware of any workarounds for this issue. VI. VENDOR RESPONSE Computer Associates has addressed this vulnerability by releasing updates. More information is available within Computer Associates advisory at the following URL. http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-3875 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 01/16/2007 Initial vendor notification 01/17/2007 Initial vendor response 07/24/2007 Coordinated public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2007 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. scanning a specially crafted RAR archive. Please see the vendor's advisory for details. 2) The vendor credits Titon of BastardLabs and Damian Put, reported via iDefense Labs. ORIGINAL ADVISORY: CA: http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the device, denying service to legitimate users. These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected. Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms. Both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts for this vulnerability to be exposed. This happens after using layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). This allows a second WLC to reprocess the ARP request and incorrectly re-forward the inclusion back to the network. This vulnerability is documented as CSCsj69233. In the case of Layer 3 (L3) roaming, wireless clients move from one controller to another, and the wireless LAN interfaces configured on different controllers are in different IP subnets. In this case, the unicast ARP may not be tunneled back to the anchor controller, but sent by the external controller to its native VLAN. This vulnerability is documented as CSCsj70841

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374. Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the device, denying service to legitimate users. These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected. Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. There is a vulnerability in the WLC's handling of unicast ARP traffic, and the LAN link between the wireless LAN controllers in the mobility group may be flooded with unicast ARP requests. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms. Both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts for this vulnerability to be exposed. This happens after using layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). If multiple WLCs are installed on the corresponding VLAN, it will cause an ARP storm. This vulnerability is documented as CSCsj50374

The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. (1) DoAttachVideoSender function (2) DoAttachVideoReceiver function (3) DoAttachAudioSender function (4) DoAttachAudioReceiver function. Ipswitch Instant Messaging Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected network data. Successfully exploiting this issue allows remote attackers to crash the IM service, denying further instant messages for legitimate users. Ipswitch IM Server 2.0.5.30 is vulnerable; other versions may also be affected. Ipswitch Instant Messaging is the instant messaging software bundled in the Ipswitch collaboration component. The vulnerable code can be reached through the following functions: DoAttachVideoSender DoAttachVideoReceiver DoAttachAudioSender DoAttachAudioReceiver. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is reported in version 2.0.5.30. SOLUTION: Update to version 2.0.7. http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous researcher and reported via iDefense. ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor.". Ipswitch IMail Server 2006 There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition.Service disruption by a third party ( Daemon crash ) There is a possibility of being put into a state. Imail Server is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows SECUNIA ADVISORY ID: SA26123 VERIFY ADVISORY: http://secunia.com/advisories/26123/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server and Collaboration Suite, which can be exploited by malicious users and malicious people to compromise a vulnerable system. 1) A boundary error in the processing of the IMAP "SEARCH" command can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code, but requires a valid user account. 2) A boundary error in the processing of the IMAP "SEARCH CHARSET" command can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code, but requires a valid user account. Vulnerabilities #1 and #2 are reported in version 6.8.8.1 of imapd32.exe. Prior versions may also be affected. 3) A boundary error in Imailsec can be exploited to cause a heap-based buffer overflow and allows execution of arbitrary code. 4) A boundary error in "subscribe" can be exploited to cause a buffer overflow. No further information is currently available. Vulnerabilities #3 and #4 are reported in Ipswitch IMail Server and Collaboration Suite prior to version 2006.21. SOLUTION: Update to IMail Server version 2006.21. http://www.ipswitch.com/support/imail/releases/im200621.asp Update to Ipswitch Collaboration Suite 2006.21. http://www.ipswitch.com/support/ics/updates/ics200621.asp PROVIDED AND/OR DISCOVERED BY: 1) Manuel Santamarina Suarez, reported via iDefense Labs. 2) An anonymous person, reported via iDefense Labs. 3, 4) The vendor credits TippingPoint and the Zero Day Initiative. ORIGINAL ADVISORY: IPSwitch: http://www.ipswitch.com/support/imail/releases/im200621.asp http://www.ipswitch.com/support/ics/updates/ics200621.asp iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. " Residual information " Can be hijacked in the session. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Note: This is a belated release to the mailing lists (though most of the tracking services picked this up via the Citrix advisory)... -- History -- Discovered: 05.09.06 (Martin O'Neal) Vendor notified: 19.10.06 Document released: 20.07.07 -- Overview -- Citrix Access Gateways are described [1] as "universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's applications and data". Amongst other features, the product provides a web portal to corporate applications and resources. -- Analysis -- The web portal interface incorporates a collection of .NET scripts, which utilise a session ID contained within cookies. During the authentication sequence the user session is redirected via a HTTP meta refresh header in an HTML response. The browser subsequently uses this within the next GET request (and the referer header field of the next HTTP request), placing the session ID in history files, and both client and server logs. The use of the session ID within the HTML content is made worse by the application not setting the HTTP cache control headers appropriately, which can lead to the HTML content being stored within the local browser cache. Where this is a particularly problem, is where the web portal is accessed from a shared or public access terminal, such as an Internet Caf,; the very environment that this type of solution is intended for. Strong authentication technology, such as SecurID 2FA, does not protect against this style of attack, as the session ID is generated after the strong authentication process is completed. -- Recommendations -- Review the recommendations in the Citrix alert [2]. Until the product is upgraded, consider reviewing you remote access policy to restrict the use of the product in shared-access environments. -- CVE -- The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-0011 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardises names for security problems. -- References -- [1] http://www.citrix.com/English/ps2/products/product.asp?contentID =15005 [2] http://support.citrix.com/article/CTX113814 -- Revision -- a. Initial release. b. Released. -- Distribution -- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information. -- Disclaimer -- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information. -- About Corsaire -- Corsaire are a leading information security consultancy, founded in 1997 in Guildford, Surrey, UK. Corsaire bring innovation, integrity and analytical rigour to every job, which means fast and dramatic security performance improvements. Our services centre on the delivery of information security planning, assessment, implementation, management and vulnerability research. A free guide to selecting a security assessment supplier is available at http://www.penetration-testing.com Copyright 2006-2007 Corsaire Limited. All rights reserved. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. This vulnerability CVE-2007-3679 And may overlap.Details of the impact of this vulnerability are unknown. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user. This can be exploited to e.g. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------