VARIoT IoT vulnerabilities database
| VAR-200901-0269 | CVE-2009-0120 | IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial Of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.
Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users.
WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable.
| VAR-200901-0399 | CVE-2008-4827 | Multiple heap overflow vulnerabilities in AddTab methods |
Related entries in the VARIoT exploits database: VAR-E-200901-0112 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions. The SizerOne ActiveX control used in products by multiple vendors is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.
======================================================================
2) Severity
Rating: Highly critical
Impact: System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
"SAP GUI is SAP's universal client for accessing SAP functionality in
SAP applications such as - SAP ERP, SAP Business Suite (SAP CRM, SAP
SCM and SAP PLM), SAP Business Intelligence and so on. SAP GUI
functions like a browser. It gets information from the SAP server like
what, where, when and how, to display contents in its window."
Users can also set the kill-bit manually by following the procedure
explained in SAP note 1092631.
======================================================================
Secunia Research 07/01/2009
- ComponentOne SizerOne ActiveX Control Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* ComponentOne SizerOne 8.0.20081.140
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Highly critical
Impact: System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
"ComponentOne SizerOne 8.0 is a four-in-one tool that includes two
resizing controls to easily handle both simple and complex sizing. The
tabbing control enables you to quickly create notebook-style and
Microsoft Outlook-style tabs. And with the parsing control, you can
automatically slice and dice strings."
Product Link:
http://www.componentone.com/SuperProducts/SizerOne/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in ComponentOne
SizerOne, which can be exploited by malicious people to potentially
compromise a user's system.
The vulnerability is caused by a boundary error in the included Tab
ActiveX control (c1sizer.ocx) when copying tab captions. This can be
exploited to cause a heap-based buffer overflow by e.g. adding tabs
with overly long captions via the "AddTab()" method.
Successful exploitation may allow execution of arbitrary code.
======================================================================
5) Solution
Update to version 8.0.20081.142 of the ActiveX control.
======================================================================
6) Time Table
13/11/2008 - Vendor notified.
19/11/2008 - Vendor response.
25/11/2008 - Vendor informs that vulnerability has been fixed and
offers to provide test version.
26/11/2008 - Copy of fixed test version requested.
01/12/2008 - Test version provided by the vendor.
02/12/2008 - Vendor informed that patch fixes vulnerability nicely.
02/12/2008 - Vendor informs that fix will be available within a week.
05/01/2008 - Status update requested.
05/01/2008 - Vendor informs that fix has been made available.
07/01/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-4827 for the vulnerability.
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-52/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
Other versions may also be affected.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-53/
| VAR-200901-0450 | CVE-2008-3819 | Cisco Global Site Selector DNS Server Remote Denial Of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.
A remote attacker may exploit this issue to crash the vulnerable DNS server, resulting in a denial-of-service condition.
This issue is documented in Cisco Bug ID CSCsj70093.
The following are vulnerable to this issue when running system software prior to version 3.0(1):
Cisco GSS 4480 Global Site Selector
Cisco GSS 4490 Global Site Selector
Cisco GSS 4491 Global Site Selector
Cisco GSS 4492R Global Site Selector.
Cisco has released free software updates that address this
vulnerability.
A workaround that mitigates this vulnerability is available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml
Affected Products
=================
All versions of GSS system software prior to 3.0(1) are affected by
this vulnerability. If the GSS is configured with the optional Cisco
Network Registrar (CNR) software, the device is not vulnerable. The version is indicated on the
line starting with Version.
Version 2.0(1)
Uptime: 19 Hours 18 Minutes and 14 seconds
gss.cisco.com#
In order to determine if CNR is enabled on the GSS device, users
should log in to the device and issue the show running-config | grep
cnr command to display the system CNR configuration. If CNR is
enabled, cnr enable will be displayed in the output. If CNR is
disabled, no cnr enable will be displayed.
Details
=======
The Cisco GSS platform allows customers to leverage global content
deployment across multiple distributed and mirrored data locations,
optimizing site selection, improving Domain Name System (DNS)
responsiveness, and ensuring data center availability.
The GSS is inserted into the traditional DNS hierarchy and is closely
integrated with the Cisco CSS, Cisco Content Switching Module (CSM),
or third-party server load balancers (SLBs) to monitor the health and
load of the SLBs in customers' data centers. The GSS uses this
information and user-specified routing algorithms to select the
best-suited and least-loaded data center in real time.
When the DNS server crashes, an error message will appear in the logs
similar to the following example:
Dec 18 04:47:21 gss NMR-6-LAUNCHSVR_EXIT[27261] dnsserver' has exited [ExitUnknown(139)]"
This vulnerability is documented in Cisco Bug ID: CSCsj70093
This vulnerability has been assigned the Common Vulnerabilities and
Exposures (CVE) identifier CVE-2008-3819.
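The exposure checks and the crash log line described above, combined into one triage routine. This is an added example, not Cisco code: the function names, the status enum and the `3.0(2)` sample are constructed here, while the `Version 2.0(1)` output, the `cnr enable` / `no cnr enable` lines and the log line are taken from the advisory text.

```c
#include <stdio.h>
#include <string.h>

enum gss_status { GSS_UNKNOWN, GSS_VULNERABLE, GSS_FIXED_RELEASE, GSS_CNR_ENABLED };

/* Copy the next line of *cur into out (truncating if needed); 0 at end. */
static int next_line(const char **cur, char *out, size_t out_sz)
{
    size_t n, c;
    if (**cur == '\0')
        return 0;
    n = strcspn(*cur, "\n");
    c = n < out_sz - 1 ? n : out_sz - 1;
    memcpy(out, *cur, c);
    out[c] = '\0';
    *cur += n;
    if (**cur == '\n')
        (*cur)++;
    return 1;
}

/* "cnr enable" must be the whole line: "no cnr enable" contains the same
 * substring, so a plain substring match would misreport a disabled CNR. */
int gss_cnr_enabled(const char *running_config)
{
    char line[256], a[16], b[16], c[16];
    while (next_line(&running_config, line, sizeof line))
        if (sscanf(line, "%15s %15s %15s", a, b, c) == 2 &&
            strcmp(a, "cnr") == 0 && strcmp(b, "enable") == 0)
            return 1;
    return 0;
}

/* Classify a device from `show version` and `show running-config | grep cnr`. */
enum gss_status gss_triage(const char *show_version, const char *running_config)
{
    char line[256];
    int maj = 0, min = 0, rel = 0, found = 0;
    while (!found && next_line(&show_version, line, sizeof line))
        found = sscanf(line, " Version %d.%d(%d)", &maj, &min, &rel) == 3;
    if (!found)
        return GSS_UNKNOWN;
    if (maj > 3 || (maj == 3 && (min > 0 || rel >= 1)))
        return GSS_FIXED_RELEASE;              /* 3.0(1) or later */
    return gss_cnr_enabled(running_config) ? GSS_CNR_ENABLED : GSS_VULNERABLE;
}

/* Exit code from an NMR LAUNCHSVR_EXIT record for dnsserver, or -1 if the
 * line is not such a record. */
int gss_dnsserver_exit_code(const char *log_line)
{
    const char *p;
    int code;
    if (!strstr(log_line, "LAUNCHSVR_EXIT") || !strstr(log_line, "dnsserver"))
        return -1;
    p = strstr(log_line, "has exited [");
    if (!p || !(p = strchr(p, '(')) || sscanf(p, "(%d)", &code) != 1)
        return -1;
    return code;
}

/* Inputs: first and last are quoted from the advisory, the rest constructed. */
static const char SHOW_VERSION_2[] =
    "Version 2.0(1)\nUptime: 19 Hours 18 Minutes and 14 seconds\n";
static const char SHOW_VERSION_3[] = "Version 3.0(2)\n";
static const char CFG_CNR_ON[]  = "cnr enable\n";
static const char CFG_CNR_OFF[] = "no cnr enable\n";
static const char CRASH_LINE[] =
    "Dec 18 04:47:21 gss NMR-6-LAUNCHSVR_EXIT[27261] dnsserver' has exited "
    "[ExitUnknown(139)]\"";

int main(void)
{
    printf("2.0(1), CNR off: %d\n", gss_triage(SHOW_VERSION_2, CFG_CNR_OFF));
    printf("2.0(1), CNR on : %d\n", gss_triage(SHOW_VERSION_2, CFG_CNR_ON));
    printf("3.0(2), CNR off: %d\n", gss_triage(SHOW_VERSION_3, CFG_CNR_OFF));
    printf("dnsserver exit code: %d\n", gss_dnsserver_exit_code(CRASH_LINE));
    return 0;
}
```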
Vulnerability Scoring Details
==============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsj70093: GSS DNS service may crash when processing specific DNS
requests.
CVSS Base Score - 7.8
Access Vector : Network
Access Complexity : Low
Authentication : None
Confidentiality Impact: None
Integrity Impact : None
Availability Impact : Complete
CVSS Temporal Score - 6.4
Exploitability : Functional
Remediation Level : Official-Fix
Report Confidence : Confirmed
Impact
======
Successful exploitation of the vulnerability may result in a crash of
the GSS DNS service. Repeated exploitation may result in a sustained
denial of service (DoS) attack.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
+---------------------------------------+
| GSS | First Fixed | Recommended |
| Major | Release | Release |
| Version | | |
|---------+---------------+-------------|
| | Vulnerable; | |
| 1.x(y) | Migrate to | 3.0(2) |
| | 3.0(1) or | |
| | later | |
|---------+---------------+-------------|
| | Vulnerable; | |
| 2.x(y) | Migrate to | 3.0(2) |
| | 3.0(1) or | |
| | later | |
|---------+---------------+-------------|
| 3.x(y) | Not | |
| | Vulnerable | |
+---------------------------------------+
GSS fixed system software is available for download from
http://www.cisco.com/cgi-bin/tablebuild.pl/gss-3des?psrtdcat20e2
Workarounds
===========
A workaround for this vulnerability includes setting the property
"ServerConfig.dnsserver.returnError" to disabled (or zero). The
following example shows how to set the property to disabled. It is
enabled by default:
GSS#config terminal
GSS(config)#$sserver.returnError 0
GSS(config)#property set ServerConfig.dnsserver.returnError 0
GSS(config)#exit
GSS#write memory
Note: Negative responses (NXDOMAIN and NODATA) will not be sent out
by the GSS with this setting disabled. Also, by using the DNS server
statistics (show statistics dns global), it will not be possible to
differentiate between the NXDOMAIN or NODATA mismatches because both
of these will increment the DNSQueriesUnmatched counter.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized
telephone numbers, and instructions and e-mail addresses for use
in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is aware of active exploitations where malicious use
of the vulnerability described in this advisory has occurred.
This vulnerability was discovered by investigating customer TAC
service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-07 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
| VAR-200901-0714 | CVE-2008-5077 | F5 FirePass OpenSSL has an unknown vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5's FirePass server is a powerful network device that can provide users with secure access to the company's network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. OpenSSL is prone to a signature-verification vulnerability.
An attacker would likely leverage this issue to conduct phishing attacks or impersonate legitimate sites. Other attacks are also possible.
Releases prior to OpenSSL 0.9.8j are affected.
=============================================================================
FreeBSD-SA-09:02.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL incorrectly checks for malformed signatures
Category: contrib
Module: openssl
Announced: 2009-01-07
Credits: Google Security Team
Affects: All FreeBSD releases
Corrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE)
2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1)
2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8)
2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE)
2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2)
2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8)
CVE Name: CVE-2008-5077
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
The EVP_VerifyFinal() function from OpenSSL is used to determine if a
digital signature is valid. This
is only a problem for DSA and ECDSA keys.
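The return-value mistake named in the CVE summary above, shown as an added example that is not from the advisory, the FreeBSD patch or OpenSSL. EVP_VerifyFinal() is documented to return 1 for a correct signature, 0 for an incorrect one and -1 on error, so a `!result` test lets the error case through. `model_verify_final`, the two `accept_*` callers and the sample byte strings are hypothetical stand-ins constructed here; no real DSA/ECDSA math is performed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return convention documented for EVP_VerifyFinal():
 * 1 = correct signature, 0 = incorrect signature, -1 = some other error. */
enum { VERIFY_OK = 1, VERIFY_BAD = 0, VERIFY_ERROR = -1 };

/* Skip one short-form DER INTEGER starting at *pos. 0 on success, -1 if the
 * tag is wrong or the length is empty, long-form, or runs past the buffer. */
static int der_skip_integer(const unsigned char *buf, size_t len, size_t *pos)
{
    size_t n;
    if (len - *pos < 2 || buf[*pos] != 0x02)
        return -1;
    n = buf[*pos + 1];
    if (n == 0 || n > 0x7f || n > len - *pos - 2)
        return -1;
    *pos += 2 + n;
    return 0;
}

/* Hypothetical stand-in for the verify step (assumption, not OpenSSL code).
 * A DSA/ECDSA signature is DER SEQUENCE { INTEGER r, INTEGER s }. A malformed
 * encoding is an error (-1); a well-formed signature that differs from the
 * expected bytes is a mismatch (0). */
int model_verify_final(const unsigned char *sig, size_t sig_len,
                       const unsigned char *expected, size_t expected_len)
{
    size_t pos = 2;
    if (sig_len < 2 || sig[0] != 0x30 || sig[1] > 0x7f ||
        (size_t)sig[1] != sig_len - 2)
        return VERIFY_ERROR;
    if (der_skip_integer(sig, sig_len, &pos) != 0 ||
        der_skip_integer(sig, sig_len, &pos) != 0 || pos != sig_len)
        return VERIFY_ERROR;
    if (sig_len == expected_len && memcmp(sig, expected, sig_len) == 0)
        return VERIFY_OK;
    return VERIFY_BAD;
}

/* Flawed calling pattern: only 0 counts as failure, so -1 falls through. */
int accept_unchecked(const unsigned char *sig, size_t n,
                     const unsigned char *exp, size_t exp_n)
{
    if (!model_verify_final(sig, n, exp, exp_n))
        return 0;                 /* rejected */
    return 1;                     /* accepted, also when the result was -1 */
}

/* Corrected pattern: anything that is not a positive result is a failure. */
int accept_checked(const unsigned char *sig, size_t n,
                   const unsigned char *exp, size_t exp_n)
{
    if (model_verify_final(sig, n, exp, exp_n) <= 0)
        return 0;
    return 1;
}

/* Constructed sample signatures (toy values, not real key material). */
static const unsigned char GOOD_SIG[]      = {0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x01, 0x22};
static const unsigned char WRONG_SIG[]     = {0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x01, 0x23};
/* Second INTEGER claims 5 content bytes but only 1 remains. */
static const unsigned char MALFORMED_SIG[] = {0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x05, 0x22};

int main(void)
{
    const unsigned char *cases[] = {GOOD_SIG, WRONG_SIG, MALFORMED_SIG};
    const char *names[] = {"good", "wrong", "malformed"};
    int i;
    for (i = 0; i < 3; i++)
        printf("%-9s verify=%2d unchecked=%d checked=%d\n", names[i],
               model_verify_final(cases[i], 8, GOOD_SIG, sizeof GOOD_SIG),
               accept_unchecked(cases[i], 8, GOOD_SIG, sizeof GOOD_SIG),
               accept_checked(cases[i], 8, GOOD_SIG, sizeof GOOD_SIG));
    return 0;
}
```

The same review applies to any caller of an API with a three-way result: search for call sites that test it with `!` or `== 0` and treat every non-positive value as a verification failure.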
III. Impact
For applications using OpenSSL for SSL connections, an invalid SSL
certificate may be interpreted as valid. This could for example be
used by an attacker to perform a man-in-the-middle attack.
Other applications which use the OpenSSL EVP API may similarly be
affected.
IV. Workaround
For a server, an RSA-signed certificate may be used instead of a DSA-
or ECDSA-based certificate.
Note that Mozilla Firefox does not use OpenSSL and thus is not
affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.0, and 7.1 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 7.x]
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc
[FreeBSD 6.x]
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/secure/lib/libssl
# make obj && make depend && make && make install
# cd /usr/src/secure/usr.bin/openssl
# make obj && make depend && make && make install
NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
<URL:http://www.FreeBSD.org/handbook/makeworld.html>
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
-------------------------------------------------------------------------
RELENG_6
src/crypto/openssl/apps/speed.c 1.13.2.1
src/crypto/openssl/apps/verify.c 1.1.1.5.12.1
src/crypto/openssl/apps/x509.c 1.1.1.10.2.1
src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1
src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1
src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2
src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2
RELENG_6_4
src/UPDATING 1.416.2.40.2.5
src/sys/conf/newvers.sh 1.69.2.18.2.8
src/crypto/openssl/apps/speed.c 1.13.12.1
src/crypto/openssl/apps/verify.c 1.1.1.5.24.1
src/crypto/openssl/apps/x509.c 1.1.1.10.12.1
src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1
src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1
src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1
src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1
RELENG_6_3
src/UPDATING 1.416.2.37.2.13
src/sys/conf/newvers.sh 1.69.2.15.2.12
src/crypto/openssl/apps/speed.c 1.13.10.1
src/crypto/openssl/apps/verify.c 1.1.1.5.22.1
src/crypto/openssl/apps/x509.c 1.1.1.10.10.1
src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1
src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1
src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1
src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1
RELENG_7
src/crypto/openssl/apps/speed.c 1.15.2.1
src/crypto/openssl/apps/verify.c 1.1.1.6.2.1
src/crypto/openssl/apps/x509.c 1.1.1.11.2.1
src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1
src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1
src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1
src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1
src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1
RELENG_7_1
src/UPDATING 1.507.2.13.2.4
src/sys/conf/newvers.sh 1.72.2.9.2.5
src/crypto/openssl/apps/speed.c 1.15.6.1
src/crypto/openssl/apps/verify.c 1.1.1.6.6.1
src/crypto/openssl/apps/x509.c 1.1.1.11.6.1
src/crypto/openssl/apps/spkac.c 1.1.1.5.6.1
src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1
src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1
src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1
src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1
RELENG_7_0
src/UPDATING 1.507.2.3.2.12
src/sys/conf/newvers.sh 1.72.2.5.2.12
src/crypto/openssl/apps/speed.c 1.15.4.1
src/crypto/openssl/apps/verify.c 1.1.1.6.4.1
src/crypto/openssl/apps/x509.c 1.1.1.11.4.1
src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1
src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1
src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1
src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1
src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1
-------------------------------------------------------------------------
Subversion:
Branch/path Revision
-------------------------------------------------------------------------
stable/6/ r186873
releng/6.4/ r186872
releng/6.3/ r186872
stable/7/ r186872
releng/7.1/ r186872
releng/7.0/ r186872
-------------------------------------------------------------------------
VII.
For the stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch4 of the openssl package, and version
0.9.7k-3.1etch2 of the openssl097 package.
For the unstable distribution (sid), this problem has been fixed in
version 0.9.8g-15.
The testing distribution (lenny) will be fixed soon.
We recommend that you upgrade your OpenSSL packages.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_ia64.deb
Size/MD5 checksum: 1569658 4dbd1a9c3f4d0fe2b8906a8555e26105
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_ia64.deb
Size/MD5 checksum: 1071264 45a62ed67f0ad2168cab559b45aa7de6
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_ia64.deb
Size/MD5 checksum: 1192358 c28adf2245854e3b368d7f88590fc730
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_ia64.udeb
Size/MD5 checksum: 801742 ce515f87f93a6364b22f94c5840a4729
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_ia64.deb
Size/MD5 checksum: 1010004 4222d05c1eb0ce929c68f7c8cc11ecd3
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_mips.deb
Size/MD5 checksum: 1693440 29a8f61c5cfb619d20235fb91cf9ff3b
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_mips.udeb
Size/MD5 checksum: 580128 fc3af402963b6fa4d24b89a4afcd8bc3
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_mips.deb
Size/MD5 checksum: 876210 f87b4773e3c70539302f5af3b51800b9
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_mips.deb
Size/MD5 checksum: 993434 02a232c80759b81c67df2e6e6a2cca26
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_mips.deb
Size/MD5 checksum: 2258938 be0d32157248efd6f87f450630ce22ef
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_mipsel.deb
Size/MD5 checksum: 992856 85a14404d0cae1d5100721d014d5ee29
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_mipsel.deb
Size/MD5 checksum: 2255990 1bd0adee660543138600882fc2e42d81
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_mipsel.deb
Size/MD5 checksum: 1649560 22c06f600378978e094230c172db8ca4
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_mipsel.deb
Size/MD5 checksum: 860700 bc11dc6212a74c8ca4bf6d314f929dff
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_mipsel.deb
Size/MD5 checksum: 718942 4ad8442b8812dfe2fd4fcbe06591c3c2
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_mipsel.deb
Size/MD5 checksum: 1317060 1d35b7e67204b5b31ab16c2514c69e02
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_mipsel.udeb
Size/MD5 checksum: 566226 1300061de87860cdf5ecfaeb26839c5f
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_powerpc.deb
Size/MD5 checksum: 743386 7e189844da3112f289ff8f96458b7d6e
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_powerpc.deb
Size/MD5 checksum: 1002204 24f2f0ec4aa965ff9057f7055322b70e
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_powerpc.deb
Size/MD5 checksum: 1728492 6074f055c8257f19962341a29c0dc1c2
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_powerpc.deb
Size/MD5 checksum: 1382114 41b6f5900e7a6361625a7fde3329d389
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_powerpc.deb
Size/MD5 checksum: 895634 495901098cb75b870810b6abcb82c187
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_powerpc.deb
Size/MD5 checksum: 2210874 5b27bc4f2f2fc1c15957242a383b9921
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_powerpc.udeb
Size/MD5 checksum: 585332 5cb7f5d282dd56d2825253006fc4ac29
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_s390.deb
Size/MD5 checksum: 1317066 0e843e8f68a84557d8f9306c61609283
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_s390.deb
Size/MD5 checksum: 2193894 d3d5eeb042d82e5b383177e08136b3cc
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_s390.deb
Size/MD5 checksum: 951570 621f50aae93efdd5c31a94071e93eaa9
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_s390.deb
Size/MD5 checksum: 1633204 4e6a635c45caa90a0f28f58286b5b2bf
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_s390.deb
Size/MD5 checksum: 1014480 639c707aed6efc331f1c3b6b14322ee0
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_s390.deb
Size/MD5 checksum: 794236 3bc1224270f26fb7b85eae99b18a1e97
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_s390.udeb
Size/MD5 checksum: 643020 41a09437ea5130fe0daed09edd4e6423
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_sparc.udeb
Size/MD5 checksum: 539054 4807d481d7878ea7032d7aa9747e95e0
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_sparc.deb
Size/MD5 checksum: 2124310 91c54b669eae9e38ae65486d5f082c6b
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_sparc.deb
Size/MD5 checksum: 3418866 a6805a9c7125b04e0c226b2a90c9d5d2
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_sparc.deb
Size/MD5 checksum: 1801340 af40fbabcf27d1c8a81d18f3e3d4ac4d
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_sparc.deb
Size/MD5 checksum: 2113338 c5e7dd09e9c4133e9a06a286ace5b7ed
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_sparc.deb
Size/MD5 checksum: 1020946 713c98cac975ec8c0c64c96812353f82
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_sparc.deb
Size/MD5 checksum: 4089498 b1c0f345c3d51a9dea6dd07a003e6e4e
These files will probably be moved into the stable distribution on
its next update.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01706219
Version: 1
HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-03-31
Last Updated: 2009-03-30
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to allow unauthorized access.
References: CVE-2008-5077
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL
BACKGROUND
CVSS 2.0 Base Metrics
===============================================
Reference        Base Vector                     Base Score
CVE-2008-5077    (AV:R/AC:L/Au:N/C:N/I:P/A:N)    5.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following patches to resolve this vulnerability.
The patches are available from the following location:
URL: http://software.hp.com
HP-UX Release       HP-UX OpenSSL version
B.11.11 (11i v1)    A.00.09.07m.046
B.11.23 (11i v2)    A.00.09.07m.047
B.11.31 (11i v3)    A.00.09.08j.003
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
fips_1_1_2.FIPS-CONF
fips_1_1_2.FIPS-DOC
fips_1_1_2.FIPS-INC
fips_1_1_2.FIPS-LIB
fips_1_1_2.FIPS-MAN
fips_1_1_2.FIPS-MIS
fips_1_1_2.FIPS-RUN
fips_1_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.1.2.046 or subsequent
fips_1_2.FIPS-CONF
fips_1_2.FIPS-DOC
fips_1_2.FIPS-INC
fips_1_2.FIPS-LIB
fips_1_2.FIPS-MAN
fips_1_2.FIPS-MIS
fips_1_2.FIPS-RUN
fips_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.2.001 or subsequent
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.07m.046 or subsequent
URL: http://software.hp.com
HP-UX B.11.23
==================
fips_1_1_2.FIPS-CONF
fips_1_1_2.FIPS-DOC
fips_1_1_2.FIPS-INC
fips_1_1_2.FIPS-LIB
fips_1_1_2.FIPS-MAN
fips_1_1_2.FIPS-MIS
fips_1_1_2.FIPS-RUN
fips_1_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.1.2.047 or subsequent
fips_1_2.FIPS-CONF
fips_1_2.FIPS-DOC
fips_1_2.FIPS-INC
fips_1_2.FIPS-LIB
fips_1_2.FIPS-LIB
fips_1_2.FIPS-MAN
fips_1_2.FIPS-MIS
fips_1_2.FIPS-RUN
fips_1_2.FIPS-RUN
fips_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.2.002 or subsequent
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.07m.047 or subsequent
URL: http://software.hp.com
HP-UX B.11.31
==================
fips_1_1_2.FIPS-CONF
fips_1_1_2.FIPS-DOC
fips_1_1_2.FIPS-INC
fips_1_1_2.FIPS-LIB
fips_1_1_2.FIPS-MAN
fips_1_1_2.FIPS-MIS
fips_1_1_2.FIPS-RUN
fips_1_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.1.2.048 or subsequent
fips_1_2.FIPS-CONF
fips_1_2.FIPS-DOC
fips_1_2.FIPS-INC
fips_1_2.FIPS-LIB
fips_1_2.FIPS-MAN
fips_1_2.FIPS-MIS
fips_1_2.FIPS-RUN
fips_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.2.003 or subsequent
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08j.003 or subsequent
URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 31 March 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
.
This bug allows a malformed signature to be treated as a good signature
rather than as an error.
A patch fixing the issue with proper return code checking and further
important recommendations are described in the original OpenSSL Team
advisory.
At the request of the OpenSSL team, oCERT has aided in the remediation
coordination for other projects with similar API misuse vulnerabilities.
In addition to EVP_VerifyFinal, the return codes from DSA_verify and
DSA_do_verify functions were being incorrectly validated, and packages
doing so are affected in a similar fashion as OpenSSL.
NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development)
Sun GridEngine <= 5.3
Gale <= 0.99
OpenEvidence <= 1.0.6
Belgian eID middleware - eidlib <= 2.6.0 [2]
Freedom Network Server <= 2.x
The following packages were identified as affected by a vulnerability
similar to the OpenSSL one, as they use OpenSSL DSA_verify function and
incorrectly check the return code.
BIND <= 9.4.3
Lasso <= 2.2.1
ZXID <= 0.29
1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose
certificate uses an RSA key is NOT affected. Verification of client
certificates by OpenSSL servers for any key type is NOT affected.
2 - Belgian eID middleware latest versions are not available in source
form, therefore we cannot confirm if they are affected
Fixed version:
OpenSSL >= 0.9.8j
NTP >= 4.2.4p6 (production), >= 4.2.5p153 (development)
Sun GridEngine >= 6.0
Gale N/A
OpenEvidence N/A
Belgian eID middleware - eidlib N/A
Freedom Network Server N/A
BIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1
Lasso >= 2.2.2
ZXID N/A
Credit: Google Security Team (for the original OpenSSL issue).
CVE: CVE-2008-5077 (OpenSSL),
CVE-2009-0021 (NTP),
CVE-2009-0025 (BIND)
Timeline:
2008-12-16: OpenSSL Security Team requests coordination aid from oCERT
2008-12-16: oCERT investigates packages affected by similar issues
2008-12-16: contacted affected vendors
2008-12-17: investigation expanded to DSA verification
2008-12-17: BIND, Lasso and ZXID added to affected packages
2008-12-18: contacted additional affected vendors
2009-01-05: status updates and patch dissemination to affected vendors
2009-01-05: confirmation from BIND of issue and fix
2009-01-06: requested CVE assignment for BIND
2009-01-07: advisory published
References:
http://openssl.org/news/secadv_20090107.txt
Links:
http://openssl.org/
http://www.ntp.org/
http://gridengine.sunsource.net/
http://gale.org/
http://www.openevidence.org/
http://eid.belgium.be/
http://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/
https://www.isc.org/products/BIND
http://lasso.entrouvert.org/
http://www.zxid.org/
Permalink:
http://www.ocert.org/advisories/ocert-2008-016.html
--
Will Drewry <redpig@ocert.org>
oCERT Team :: http://ocert.org
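The return-code mistake this advisory describes, shown as an added example (not code from OpenSSL, oCERT or any of the listed packages). `toy_verify` is a hypothetical stand-in that only mimics the tri-state convention of EVP_VerifyFinal and DSA_verify (1 = valid, 0 = invalid, -1 = error); the signature format, the digest and all other names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Tri-state result, mirroring the convention of EVP_VerifyFinal/DSA_verify. */
enum { VERIFY_ERROR = -1, VERIFY_BAD = 0, VERIFY_OK = 1 };

/* Toy digest (NOT cryptography): keeps the example self-contained. */
static unsigned char toy_digest(const unsigned char *msg, size_t len)
{
    unsigned char d = 0;
    for (size_t i = 0; i < len; i++)
        d = (unsigned char)(d * 31u + msg[i]);
    return d;
}

/* Constructed signature encoding: tag 0x30, length byte (must be 1), digest. */
void make_sig(unsigned char out[3], unsigned char tag,
              const unsigned char *msg, size_t len)
{
    out[0] = tag;
    out[1] = 1;
    out[2] = toy_digest(msg, len);
}

/* Hypothetical verifier: a blob that cannot be parsed is an ERROR (-1),
 * a well-formed blob with the wrong digest is BAD (0). */
int toy_verify(const unsigned char *msg, size_t msg_len,
               const unsigned char *sig, size_t sig_len)
{
    if (sig == NULL || sig_len < 2)
        return VERIFY_ERROR;
    if (sig[0] != 0x30)                       /* unexpected tag */
        return VERIFY_ERROR;
    if (sig[1] != 1 || (size_t)sig[1] != sig_len - 2)
        return VERIFY_ERROR;                  /* inconsistent length */
    return sig[2] == toy_digest(msg, msg_len) ? VERIFY_OK : VERIFY_BAD;
}

/* Flawed caller: only 0 is treated as failure, so -1 passes as success.
 * This is the incorrect check pattern the advisory refers to. */
int accept_flawed(const unsigned char *msg, size_t msg_len,
                  const unsigned char *sig, size_t sig_len)
{
    if (!toy_verify(msg, msg_len, sig, sig_len))
        return 0;
    return 1;
}

/* Corrected caller: success is exactly 1; 0 and every negative value fail. */
int accept_strict(const unsigned char *msg, size_t msg_len,
                  const unsigned char *sig, size_t sig_len)
{
    return toy_verify(msg, msg_len, sig, sig_len) == VERIFY_OK;
}

int main(void)
{
    const unsigned char msg[] = "constructed sample message";
    size_t n = sizeof msg - 1;
    unsigned char good[3], wrong[3], malformed[3];

    make_sig(good, 0x30, msg, n);
    make_sig(wrong, 0x30, msg, n);
    wrong[2] ^= 0xFF;                         /* well-formed, wrong digest */
    make_sig(malformed, 0x31, msg, n);        /* unparseable: wrong tag */

    const struct { const char *name; const unsigned char *sig; } cases[] = {
        { "valid",     good      },
        { "invalid",   wrong     },
        { "malformed", malformed },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-10s rc=%2d flawed=%d strict=%d\n", cases[i].name,
               toy_verify(msg, n, cases[i].sig, 3),
               accept_flawed(msg, n, cases[i].sig, 3),
               accept_strict(msg, n, cases[i].sig, 3));
    return 0;
}
```

When auditing callers, look for `!`, `== 0` or plain truthiness tests on these return values; only a comparison against 1 (or `<= 0` for the failure branch) handles the error case.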
.
Background
==========
ntp contains the client and daemon implementations for the Network Time
Protocol.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200902-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL: Certificate validation error
Date: February 12, 2009
Bugs: #251346
ID: 200902-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
An error in the OpenSSL certificate chain validation might allow for
spoofing attacks.
Impact
======
A remote attacker could exploit this vulnerability and spoof arbitrary
names to conduct Man-In-The-Middle attacks and intercept sensitive
information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j"
References
==========
[ 1 ] CVE-2008-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200902-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
===========================================================
Ubuntu Security Notice USN-704-1 January 07, 2009
openssl vulnerability
CVE-2008-5077
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.6
openssl 0.9.8a-7ubuntu0.6
Ubuntu 7.10:
libssl0.9.8 0.9.8e-5ubuntu3.3
openssl 0.9.8e-5ubuntu3.3
Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.4
openssl 0.9.8g-4ubuntu3.4
Ubuntu 8.10:
libssl0.9.8 0.9.8g-10.1ubuntu2.1
openssl 0.9.8g-10.1ubuntu2.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Updated packages for Ubuntu 6.06 LTS:
Size/MD5: 2241644 177559b738e07248aff683e93fe9b82b
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4_sparc.deb
Size/MD5: 397818 652f57d5f54161a5e0ad5c79617b0879
Updated packages for Ubuntu 8.10:
| VAR-200901-0055 | CVE-2008-5848 | Advantech ADAM-6066 Module Trust Management Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. Adam-6050W is prone to a remote security vulnerability. Advantech ADAM is an Advantech industrial ADAM module.
| VAR-200901-0299 | CVE-2009-0066 | Vulnerabilities in Intel TXT system software that allow bypass of loader integrity protections |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Details on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available.
Trusted Boot 20081008 is affected; additional applications using TXT may also be affected. Intel Trusted Execution Technology is a security technology that works with motherboard chipsets supporting Intel vPro technology and with virtual machine software to help protect important system data from attack.
| VAR-200901-0099 | CVE-2008-5821 | Memory leak vulnerability in WebKit.dll in WebKit |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library.
Remote attackers can exploit this issue to crash the affected browser, resulting in a denial-of-service condition.
Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected.
Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable. Safari is the web browser bundled by default in the Apple operating system.
| VAR-200901-0466 | CVE-2004-2761 |
MD5 vulnerable to collision attacks
Related entries in the VARIoT exploits database: VAR-E-200412-0151 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. MD5 is a one-way hash function that outputs a fixed-length value, called a message digest, from an input value. For a secure hash function, it must be extremely difficult to find an input value that corresponds to a particular message digest. The case in which the same message digest is output from different inputs is called a "collision". Since 1996, attack methods that exploit MD5's lack of collision resistance have been reported. This attack technique can be used to forge X.509 certificates, and in 2008 it was reported that a CA certificate was successfully forged based on a certificate signed by a CA. Products that use the MD5 algorithm are affected. The effects vary depending on how MD5 is used. As an example, trusting a malicious website that uses a forged SSL certificate may cause information leakage. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature.
An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible.
- HPE iMC PLAT - Please refer to the RESOLUTION
below for a list of impacted products. All product versions are impacted
prior to the fixed version listed.
+ **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center
Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade
50-node and 150-AP E-LTU
- JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point
E-LTU
- JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
- JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
- JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
- JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with
200-node E-LTU
**Note:** Please contact HPE Technical Support if any assistance is needed
acquiring the software updates.
HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05336888
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05336888
Version: 1
HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using
SSL/TLS, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-11-18
Last Updated: 2016-11-18
Potential Security Impact: Remote: Multiple Vulnerabilities
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite
could potentially impact HPE Comware 5 and Comware 7 network products using
SSL/TLS. These vulnerabilities could be exploited remotely to conduct
spoofing attacks and plaintext recovery attacks resulting in disclosure of
information.
References:
- CVE-2004-2761 - MD5 Hash Collision Vulnerability
- CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability
- CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah"
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 5 (CW5) Products All versions
- Comware 7 (CW7) Products All versions
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2004-2761
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-2013-2566
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2015-2808
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has released the following mitigation information to resolve the
vulnerabilities in HPE Comware 5 and Comware 7 network products.
*Note:* Please contact HPE Technical Support for any assistance configuring
the recommended settings.
**Mitigation for the hash collision vulnerability in the MD5 Algorithm:**
+ For Comware V7, this issue only exists when the key-type is RSA and the
public key length is less than 1024 bits.
Since the default length of the RSA key is 1024 bits, the length should
only have to be set manually if necessary.
Example command to set the RSA key length to 1024 bits:
public-key rsa general name xxx length 1024
+ For Comware V5, this issue only exists when the key-type is RSA.
HPE recommends using DSA and ECDSA keys and not an RSA key.
**Mitigation for the RC4 vulnerabilities:**
HPE recommends disabling RC2 and RC4 ciphers.
+ For Comware V7, remove the RC2/RC4 ciphers:
- exp_rsa_rc2_md5
- exp_rsa_rc4_md5
- rsa_rc4_128_md5
- rsa_rc4_128_sha
Example using the *ssl server-policy anamea ciphersuite* command to
omit the RC2/RC4 ciphers:
ssl server-policy anamea ciphersuite { dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
Example using the *ssl client-policy anamea prefer-cipher* command
to omit the RC2/RC4 ciphers:
ssl client-policy anamea prefer-cipher { dhe_rsa_aes_128_cbc_sha
| dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
+ For Comware V5, remove the following RC4 ciphers:
- rsa_rc4_128_md5
- rsa_rc4_128_sha
Example using the *ssl server-policy anamea ciphersuite* command to
omit the RC4 ciphers:
ssl server-policy anamea ciphersuite { rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
Example using the *ssl client-policy anamea prefer-cipher* command
to omit the RC4 ciphers:
ssl client-policy anamea prefer-cipher { rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
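The RC2/RC4 mitigation above can be checked against saved configuration text. The following is an added example, not part of the HPE bulletin: it flags policies that still list the cipher suites the bulletin says to remove and rebuilds the command without them. It assumes the configuration uses the single-command brace form shown in the bulletin; the policy names in the sample and all function names are constructed for illustration.

```python
import re

# Cipher suites the bulletin says to remove, keyed by Comware major version.
REMOVE = {
    7: {"exp_rsa_rc2_md5", "exp_rsa_rc4_md5", "rsa_rc4_128_md5", "rsa_rc4_128_sha"},
    5: {"rsa_rc4_128_md5", "rsa_rc4_128_sha"},
}

# Matches the one-command form used in the bulletin's examples (an assumption
# about how the configuration was saved). The brace body may wrap across lines.
POLICY_RE = re.compile(
    r"ssl\s+(server|client)-policy\s+(\S+)\s+(ciphersuite|prefer-cipher)\s*\{([^}]*)\}"
)


def parse_policies(text):
    """Return one dict per SSL policy command found in the text."""
    policies = []
    for match in POLICY_RE.finditer(text):
        role, name, keyword, body = match.groups()
        # Tolerate missing spaces around '|' and line wraps inside the braces.
        suites = [s.strip() for s in body.split("|") if s.strip()]
        policies.append(
            {"role": role, "name": name, "keyword": keyword, "suites": suites}
        )
    return policies


def audit(text, comware_version):
    """List (role, policy name, suites to remove) for each offending policy."""
    banned = REMOVE[comware_version]
    findings = []
    for policy in parse_policies(text):
        hits = [s for s in policy["suites"] if s in banned]
        if hits:
            findings.append((policy["role"], policy["name"], hits))
    return findings


def remediated_command(policy, comware_version):
    """Rebuild the command without the banned suites.

    Returns None when nothing would remain, so the operator has to choose
    replacement suites instead of applying an empty list.
    """
    keep = [s for s in policy["suites"] if s not in REMOVE[comware_version]]
    if not keep:
        return None
    return "ssl {role}-policy {name} {keyword} {{ {suites} }}".format(
        role=policy["role"],
        name=policy["name"],
        keyword=policy["keyword"],
        suites=" | ".join(keep),
    )


# Constructed sample configuration (policy names are made up).
SAMPLE = """
ssl server-policy web ciphersuite { rsa_rc4_128_md5 | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha| rsa_rc4_128_sha }
ssl client-policy up prefer-cipher { rsa_3des_ede_cbc_sha |rsa_aes_256_cbc_sha }
ssl server-policy legacy ciphersuite { exp_rsa_rc2_md5 | rsa_des_cbc_sha }
ssl client-policy old prefer-cipher { rsa_rc4_128_sha }
"""

if __name__ == "__main__":
    for role, name, hits in audit(SAMPLE, 7):
        print(f"{role}-policy {name}: remove {', '.join(hits)}")
    for policy in parse_policies(SAMPLE):
        print(remediated_command(policy, 7))
```
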
**COMWARE 5 Products**
+ **HSR6602 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
+ **HSR6800 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
+ **MSR20 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
+ **MSR20-1X (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
+ **MSR 30 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
+ **MSR 30-16 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
+ **MSR 30-1X (Comware 5) - Version: See Mitigation**
* HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
+ **MSR 50 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
+ **MSR 50-G2 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
+ **MSR 9XX (Comware 5) - Version: See Mitigation**
* HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
+ **MSR 93X (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
+ **MSR1000 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG732A HP MSR1003-8 AC Router
+ **12500 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
+ **9500E (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
+ **10500 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
+ **7500 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port
Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8
GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP
Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
+ **6125G/XG Blade Switch - Version: See Mitigation**
* HP Network Products
- 737220-B21 HP 6125G Blade Switch with TAA
- 737226-B21 HP 6125G/XG Blade Switch with TAA
- 658250-B21 HP 6125G/XG Blade Switch Opt Kit
- 658247-B21 HP 6125G Blade Switch Opt Kit
+ **5830 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
+ **5800 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots
& 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots
and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
+ **5500 HI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface
Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface
Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
+ **5500 EI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface
Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface
Slots
+ **4800G (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
+ **5500SI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
+ **4500G (Comware 5) - Version: See Mitigation**
* HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
+ **5120 EI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
+ **4210G (Comware 5) - Version: See Mitigation**
* HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
+ **5120 SI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
+ **3610 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
+ **3600V2 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
+ **3100V2-48 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG315A HP 3100-48 v2 Switch
- JG315B HP 3100-48 v2 Switch
+ **HP870 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
+ **HP850 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
+ **HP830 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
+ **HP6000 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
+ **WX5004-EI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
+ **SecBlade FW (Comware 5) - Version: See Mitigation**
* HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
+ **F1000-E (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
+ **F1000-A-EI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
+ **F1000-S-EI (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
+ **F5000-A (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
+ **U200S and CS (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD273A HP U200-S UTM Appliance
+ **U200A and M (Comware 5) - Version: See Mitigation**
* HP Network Products
- JD275A HP U200-A UTM Appliance
+ **F5000-C/S (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
+ **SecBlade III (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
+ **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
* HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
+ **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
* HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
+ **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
* HP Network Products
- JC176A HP 6602 Router Chassis
+ **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
* HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
+ **HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
+ **SMB1910 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8-PoE+ Switch
- JG536A HP 1910-8 Switch
+ **SMB1920 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
+ **V1910 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
+ **SMB 1620 (Comware 5) - Version: See Mitigation**
* HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
**COMWARE 7 Products**
+ **12500 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
+ **10500 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
+ **12900 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
+ **5900 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
+ **MSR1000 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
+ **MSR2000 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
+ **MSR3000 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
+ **MSR4000 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
+ **VSR (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
+ **7900 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
+ **5130 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
+ **6125XLG - Version: See Mitigation**
* HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
+ **6127XLG - Version: See Mitigation**
* HP Network Products
- 787635 HP 6127XLG Blade Switch Opt Kit
+ **Moonshot - Version: See Mitigation**
* HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
+ **5700 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
+ **5930 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
+ **HSR6600 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
+ **HSR6800 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
+ **1950 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
+ **7500 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
+ **5950 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
+ **5940 (Comware 7) - Version: See Mitigation**
* HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
HISTORY
Version:1 (rev.1) - 18 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
===========================================================
Ubuntu Security Notice USN-740-1 March 17, 2009
nss, firefox vulnerability
CVE-2004-2761
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2
Ubuntu 7.10:
libnss3-0d 3.11.5-3ubuntu0.7.10.2
Ubuntu 8.04 LTS:
libnss3-0d 3.12.0.3-0ubuntu0.8.04.5
libnss3-1d 3.12.0.3-0ubuntu0.8.04.5
Ubuntu 8.10:
libnss3-1d 3.12.0.3-0ubuntu5.8.10.1
After a standard system upgrade you need to restart your session to
effect the necessary changes. This update
blacklists the proof of concept rogue certificate authority as discussed
in http://www.win.tue.nl/hashclash/rogue-ca/.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 7.10:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
| VAR-200812-0531 | No CVE | COMTREND CT-536 Router Multiple Denial of Service and Information Disclosure Vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The Comtrend CT-536 is a small ADSL wireless broadband router. The CT-536's micro_httpd service does not properly validate user requests, so non-privileged users can access restricted resources by submitting malicious requests. During authentication, credentials are sent in clear text, and any user can easily read the authentication credentials. The CT-536 does not properly filter certain fields and data, and remote attackers can use cross-site scripting and buffer-overflow attacks to cause a denial of service in the httpd configuration server. COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:
- Multiple unauthorized-access vulnerabilities
- An information-disclosure vulnerability
- Multiple cross-site scripting vulnerabilities
- A denial-of-service vulnerability
- Multiple buffer-overflow vulnerabilities
Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.
The following firmware versions are vulnerable; additional versions may also be affected:
CT-536 A101-302JAZ-C01_R05
HG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h
| VAR-200812-0328 | CVE-2008-1094 | SQL injection vulnerability in index.cgi on the Account View page of Barracuda Spam Firewall |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. Multiple Barracuda products are prone to multiple input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and an SQL-injection vulnerability.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to the following are affected:
Barracuda Message Archiver to 1.2.1.002.
Barracuda Spam Firewall 3.5.12.007 and prior
Barracuda Web Filter 3.3.0.052 and prior
Barracuda IM Firewall 3.1.01.017 and prior
Barracuda Load Balancer 2.3.024 and prior.
Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers.
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Barracuda Products Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA33164
VERIFY ADVISORY:
http://secunia.com/advisories/33164/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Barracuda Spam Firewall
http://secunia.com/advisories/product/4639/
Barracuda IM Firewall
http://secunia.com/advisories/product/20790/
Barracuda Load Balancer
http://secunia.com/advisories/product/20791/
Barracuda Message Archiver
http://secunia.com/advisories/product/20788/
Barracuda Web Filter
http://secunia.com/advisories/product/20789/
DESCRIPTION:
Dr.
Input passed to various parameters is not properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.
SOLUTION:
Update to the latest version. Marian Ventuneac, Data Communications Security Laboratory,
University of Limerick
ORIGINAL ADVISORY:
Barracuda Networks:
http://www.barracudanetworks.com/ns/support/tech_alert.php
Dr. Marian Ventuneac:
http://dcsl.ul.ie/advisories/02.htm
http://dcsl.ul.ie/advisories/03.htm
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200812-0243 | CVE-2008-0971 | Cross-site scripting vulnerabilities in index.cgi in multiple Barracuda products |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter. index.cgi in multiple Barracuda products contains a cross-site scripting vulnerability. A third party may be able to insert web script or HTML. Multiple Barracuda products are prone to multiple input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and an SQL-injection vulnerability.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to the following are affected:
Barracuda Message Archiver to 1.2.1.002.
Barracuda Spam Firewall 3.5.12.007 and prior
Barracuda Web Filter 3.3.0.052 and prior
Barracuda IM Firewall 3.1.01.017 and prior
Barracuda Load Balancer 2.3.024 and prior.
Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers.
----------------------------------------------------------------------
TITLE:
Barracuda Products Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA33164
VERIFY ADVISORY:
http://secunia.com/advisories/33164/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Barracuda Spam Firewall
http://secunia.com/advisories/product/4639/
Barracuda IM Firewall
http://secunia.com/advisories/product/20790/
Barracuda Load Balancer
http://secunia.com/advisories/product/20791/
Barracuda Message Archiver
http://secunia.com/advisories/product/20788/
Barracuda Web Filter
http://secunia.com/advisories/product/20789/
DESCRIPTION:
Dr.
Input passed to various parameters is not properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.
SOLUTION:
Update to the latest version. Marian Ventuneac, Data Communications Security Laboratory,
University of Limerick
ORIGINAL ADVISORY:
Barracuda Networks:
http://www.barracudanetworks.com/ns/support/tech_alert.php
Dr. Marian Ventuneac:
http://dcsl.ul.ie/advisories/02.htm
http://dcsl.ul.ie/advisories/03.htm
| VAR-200901-0071 | CVE-2008-5882 | SQL injection vulnerability in login.asp in Citrix Application Gateway Broadcast Server (BCS) |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Other versions may also be affected.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits the Vulnerability Research Team of Digital
Defense, Inc.
ORIGINAL ADVISORY:
Citrix:
http://support.citrix.com/article/CTX119315
| VAR-200812-0096 | CVE-2008-5662 | Sun Java Wireless Toolkit (WTK) Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors. Sun Java Wireless Toolkit for CLDC is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of the toolkit. Failed attacks will likely cause denial-of-service conditions.
Sun Java Wireless Toolkit 2.5.2 and prior versions are vulnerable.
----------------------------------------------------------------------
TITLE:
Sun Java Wireless Toolkit for CLDC Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA33159
VERIFY ADVISORY:
http://secunia.com/advisories/33159/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Sun Java Wireless Toolkit for CLDC 2.x
http://secunia.com/advisories/product/20784/
DESCRIPTION:
Some vulnerabilities have been reported in Sun Java Wireless Toolkit
for CLDC, which can be exploited by malicious people to bypass
certain security restrictions.
http://java.sun.com/products/sjwtoolkit/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247566-1
| VAR-200812-0363 | CVE-2008-4219 | Denial-of-service (DoS) vulnerability in the kernel of Apple Mac OS X |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.
Attackers can leverage this issue to cause denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008.
The security update addresses a total of 10 new vulnerabilities that affect the Apple Type Services, BOM, kernel, Libsystem, Managed Client, natd, and Podcast Producer components of Mac OS X. The advisory also contains security updates for 10 previously reported issues.
This BID is being retired. The following individual records have been created to better document the issues:
32870 Apple Podcast Producer Authentication-Bypass Vulnerability
32872 Apple Mac OS X UDF ISO File Handling Denial of Service Vulnerability
32873 Apple Mac OS X NFS Mounted Executable Exception Remote Denial of Service Vulnerability
32874 Apple Mac OS X 'natd' Remote Denial of Service Vulnerability
32875 Apple Mac OS X Type Services PDF File Remote Denial of Service Vulnerability
32876 Apple Mac OS X BOM CPIO Header Stack Buffer Overflow Vulnerability
32877 Apple Mac OS X 'inet_net_pton' API Integer Overflow Vulnerability
32879 Apple Mac OS X 'i386_set_ldt' and 'i386_get_ldt' Multiple Integer Overflow Vulnerabilities
32880 Apple Mac OS X Managed Client Screen Saver Lock Bypass Vulnerability
32881 Apple Mac OS X 'strptime' API Memory Corruption Vulnerability.
1) An infinite loop when processing certain embedded fonts in PDF
files within the Apple Type Services server can be exploited to cause
a DoS (Denial of Service) by e.g. tricking a user into opening a
malicious PDF file.
2) A signedness error when handling certain CPIO archive headers
exists within BOM. This can be exploited to execute arbitrary code by
e.g. downloading or viewing a specially crafted CPIO archive.
3) An error within the processing of color spaces within CoreGraphics
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into viewing a specially crafted image.
Successful exploitation may allow the execution of arbitrary code.
4) Some security issues and vulnerabilities have been reported in
Adobe Flash Player, which can be exploited by malicious people to
bypass certain security restrictions, manipulate certain data,
conduct cross-site scripting attacks, or disclose sensitive
information.
For more information:
SA32270
5) Multiple integer overflows exist within the "i386_set_ldt()" and
"i386_get_ldt()" system calls, which can be exploited by malicious,
local users to execute arbitrary code with system privileges.
Note: This does not affect PowerPC systems.
7) An integer overflow error exists in the "inet_net_pton()" API of
Libsystem. This can potentially be exploited to e.g. compromise an
application using the vulnerable function.
8) An unspecified error when processing certain input within the
"strptime()" API of Libsystem can be exploited to cause a memory
corruption and potentially execute arbitrary code by e.g. passing a
specially crafted date string to an application using the vulnerable
function.
9) The "Managed Client" functionality does not always apply the
managed screen saver settings correctly, potentially resulting in
e.g. the screen saver lock not working as intended.
10) An infinite loop when processing certain TCP packets exists in
natd, which can be exploited to cause a DoS by sending specially
crafted TCP packets to a vulnerable system.
Successful exploitation requires that Internet Sharing is enabled.
11) An unspecified error within the Podcast Producer server can be
exploited to bypass the authentication mechanism and access
administrative functions.
12) An unspecified error within the handling of malformed UDF volumes
can be exploited to cause a system shutdown by e.g. opening a
specially crafted ISO file.
Additionally, this update enhances the CoreTypes "Download
Validation" capability to detect and warn about more potentially
dangerous file types.
http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice
Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of
Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of
Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3338
OTHER REFERENCES:
SA32270:
http://secunia.com/advisories/32270/
I.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software Update
or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
December 15, 2008: Initial release
| VAR-200812-0364 | CVE-2008-4220 | Apple Mac OS X inet_net_pton API Integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008.
The security update addresses a total of 10 new vulnerabilities that affect the Apple Type Services, BOM, kernel, Libsystem, Managed Client, natd, and Podcast Producer components of Mac OS X. The advisory also contains security updates for 10 previously reported issues.
This BID is being retired.
1) An infinite loop when processing certain embedded fonts in PDF
files within the Apple Type Services server can be exploited to cause
a DoS (Denial of Service) by e.g. tricking a user into opening a
malicious PDF file.
2) A signedness error when handling certain CPIO archive headers
exists within BOM. This can be exploited to execute arbitrary code by
e.g. downloading or viewing a specially crafted CPIO archive.
3) An error within the processing of color spaces within CoreGraphics
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into viewing a specially crafted image.
Successful exploitation may allow the execution of arbitrary code.
4) Some security issues and vulnerabilities have been reported in
Adobe Flash Player, which can be exploited by malicious people to
bypass certain security restrictions, manipulate certain data,
conduct cross-site scripting attacks, or disclose sensitive
information.
For more information:
SA32270
5) Multiple integer overflows exist within the "i386_set_ldt()" and
"i386_get_ldt()" system calls, which can be exploited by malicious,
local users to execute arbitrary code with system privileges.
Note: This does not affect PowerPC systems.
6) An infinite loop when handling exceptions in an application linked
to libraries on an NFS share can be exploited to cause a system
shutdown.
7) An integer overflow error exists in the "inet_net_pton()" API of
Libsystem. This can potentially be exploited to e.g. compromise an
application using the vulnerable function. passing a
specially crafted date string to an application using the vulnerable
function.
9) The "Managed Client" functionality does not always apply the
managed screen saver settings correctly, potentially resulting in
e.g. the screen saver lock not working as intended.
10) An infinite loop when processing certain TCP packets exists in
natd, which can be exploited to cause a DoS by sending specially
crafted TCP packets to a vulnerable system.
Successful exploitation requires that Internet Sharing is enabled.
11) An unspecified error within the Podcast Producer server can be
exploited to bypass the authentication mechanism and access
administrative functions.
12) An unspecified error within the handling of malformed UDF volumes
can be exploited to cause a system shutdown by e.g. opening a
specially crafted ISO file.
Additionally, this update enhances the CoreTypes "Download
Validation" capability to detect and warn about more potentially
dangerous file types.
http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice
Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of
Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of
Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3338
OTHER REFERENCES:
SA32270:
http://secunia.com/advisories/32270/
I.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software Update
or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
| VAR-200812-0360 | CVE-2008-4234 | Arbitrary code execution vulnerability in CoreTypes in Apple Mac OS X |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008.
The security update addresses a total of 10 new vulnerabilities that affect the Apple Type Services, BOM, kernel, Libsystem, Managed Client, natd, and Podcast Producer components of Mac OS X. The advisory also contains security updates for 10 previously reported issues.
This BID is being retired. The following individual records have been created to better document the issues:
32870 Apple Podcast Producer Authentication-Bypass Vulnerability
32872 Apple Mac OS X UDF ISO File Handling Denial of Service Vulnerability
32873 Apple Mac OS X NFS Mounted Executable Exception Remote Denial of Service Vulnerability
32874 Apple Mac OS X 'natd' Remote Denial of Service Vulnerability
32875 Apple Mac OS X Type Services PDF File Remote Denial of Service Vulnerability
32876 Apple Mac OS X BOM CPIO Header Stack Buffer Overflow Vulnerability
32877 Apple Mac OS X 'inet_net_pton' API Integer Overflow Vulnerability
32879 Apple Mac OS X 'i386_set_ldt' and 'i386_get_ldt' Multiple Integer Overflow Vulnerabilities
32880 Apple Mac OS X Managed Client Screen Saver Lock Bypass Vulnerability
32881 Apple Mac OS X 'strptime' API Memory Corruption Vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.
Apps such as Safari use the download verification feature to warn users before launching unsafe files.
1) An infinite loop when processing certain embedded fonts in PDF
files within the Apple Type Services server can be exploited to cause
a DoS (Denial of Service) by e.g. tricking a user into opening a
malicious PDF file.
2) A signedness error when handling certain CPIO archive headers
exists within BOM. This can be exploited to execute arbitrary code by
e.g. downloading or viewing a specially crafted CPIO archive.
3) An error within the processing of color spaces within CoreGraphics
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into viewing a specially crafted image.
4) Some security issues and vulnerabilities have been reported in
Adobe Flash Player, which can be exploited by malicious people to
bypass certain security restrictions, manipulate certain data,
conduct cross-site scripting attacks, or disclose sensitive
information.
For more information:
SA32270
5) Multiple integer overflows exist within the "i386_set_ldt()" and
"i386_get_ldt()" system calls, which can be exploited by malicious,
local users to execute arbitrary code with system privileges.
Note: This does not affect PowerPC systems.
6) An infinite loop when handling exceptions in an application linked
to libraries on an NFS share can be exploited to cause a system
shutdown.
7) An integer overflow error exists in the "inet_net_pton()" API of
Libsystem. This can potentially be exploited to e.g. compromise an
application using the vulnerable function.
8) An unspecified error when processing certain input within the
"strptime()" API of Libsystem can be exploited to cause a memory
corruption and potentially execute arbitrary code by e.g. passing a
specially crafted date string to an application using the vulnerable
function.
9) The "Managed Client" functionality does not always apply the
managed screen saver settings correctly, potentially resulting in
e.g. the screen saver lock not working as intended.
10) An infinite loop when processing certain TCP packets exists in
natd, which can be exploited to cause a DoS by sending specially
crafted TCP packets to a vulnerable system.
Successful exploitation requires that Internet Sharing is enabled.
11) An unspecified error within the Podcast Producer server can be
exploited to bypass the authentication mechanism and access
administrative functions.
12) An unspecified error within the handling of malformed UDF volumes
can be exploited to cause a system shutdown by e.g. opening a
specially crafted ISO file.
Additionally, this update enhances the CoreTypes "Download
Validation" capability to detect and warn about more potentially
dangerous file types.
http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice
Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of
Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of
Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3338
OTHER REFERENCES:
SA32270:
http://secunia.com/advisories/32270/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software Update
or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
Revision History
December 15, 2008: Initial release
| VAR-200812-0362 | CVE-2008-4218 | Integer overflow vulnerability in the kernel of Apple Mac OS X |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.
Local attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting these issues will completely compromise an affected computer. Failed exploit attempts will likely crash the affected computer.
Apple Mac OS X 10.5 through 10.5.5 and Mac OS X Server 10.5 through 10.5.5 are vulnerable.
NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. The advisory also contains security updates for 10 previously reported issues.
This BID is being retired.
1) An infinite loop when processing certain embedded fonts in PDF
files within the Apple Type Services server can be exploited to cause
a DoS (Denial of Service) by e.g. tricking a user into opening a
malicious PDF file.
2) A signedness error when handling certain CPIO archive headers
exists within BOM. downloading or viewing a specially crafted CPIO archive.
3) An error within the processing of color spaces within CoreGraphics
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into viewing a specially crafted image.
Successful exploitation may allow the execution of arbitrary code.
4) Some security issues and vulnerabilities have been reported in
Adobe Flash Player, which can be exploited by malicious people to
bypass certain security restrictions, manipulate certain data,
conduct cross-site scripting attacks, or disclose sensitive
information.
Note: This does not affect PowerPC systems.
6) An infinite loop when handling exceptions in an application linked
to libraries on an NFS share can be exploited to cause a system
shutdown.
7) An integer overflow error exists in the "inet_net_pton()" API of
Libsystem. This can potentially be exploited to e.g. compromise an
application using the vulnerable function.
8) An unspecified error when processing certain input within the
"strptime()" API of Libsystem can be exploited to cause a memory
corruption and potentially execute arbitrary code by e.g. passing a
specially crafted date string to an application using the vulnerable
function.
9) The "Managed Client" functionality does not always apply the
managed screen saver settings correctly, potentially resulting in
e.g. the screen saver lock not working as intended.
10) An infinite loop when processing certain TCP packets exists in
natd, which can be exploited to cause a DoS by sending specially
crafted TCP packets to a vulnerable system.
Successful exploitation requires that Internet Sharing is enabled.
11) An unspecified error within the Podcast Producer server can be
exploited to bypass the authentication mechanism and access
administrative functions.
12) An unspecified error within the handling of malformed UDF volumes
can be exploited to cause a system shutdown by e.g. opening a
specially crafted ISO file.
Additionally, this update enhances the CoreTypes "Download
Validation" capability to detect and warn about more potentially
dangerous file types.
http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice
Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of
Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of
Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3338
OTHER REFERENCES:
SA32270:
http://secunia.com/advisories/32270/
.
I.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software Update
or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
Revision History
December 15, 2008: Initial release
| VAR-200812-0358 | CVE-2008-4223 | Elevation of privilege vulnerability in Podcast Producer in Apple Mac OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008. The advisory also contains security updates for 10 previously reported issues.
This BID is being retired. The following individual records have been created to better document the issues:
32870 Apple Podcast Producer Authentication-Bypass Vulnerability
32872 Apple Mac OS X UDF ISO File Handling Denial of Service Vulnerability
32873 Apple Mac OS X NFS Mounted Executable Exception Remote Denial of Service Vulnerability
32874 Apple Mac OS X 'natd' Remote Denial of Service Vulnerability
32875 Apple Mac OS X Type Services PDF File Remote Denial of Service Vulnerability
32876 Apple Mac OS X BOM CPIO Header Stack Buffer Overflow Vulnerability
32877 Apple Mac OS X 'inet_net_pton' API Integer Overflow Vulnerability
32879 Apple Mac OS X 'i386_set_ldt' and 'i386_get_ldt' Multiple Integer Overflow Vulnerabilities
32880 Apple Mac OS X Managed Client Screen Saver Lock Bypass Vulnerability
32881 Apple Mac OS X 'strptime' API Memory Corruption Vulnerability.
Podcast Producer is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain access to certain administrative functions. This may result in an elevation of privilege and may aid in further attacks.
This issue affects Podcast Producer for Mac OS X Server 10.5 through 10.5.5.
1) An infinite loop when processing certain embedded fonts in PDF
files within the Apple Type Services server can be exploited to cause
a DoS (Denial of Service) by e.g. tricking a user into opening a
malicious PDF file.
2) A signedness error when handling certain CPIO archive headers
exists within BOM. This can be exploited to execute arbitrary code by
e.g. downloading or viewing a specially crafted CPIO archive.
3) An error within the processing of color spaces within CoreGraphics
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into viewing a specially crafted image.
Successful exploitation may allow the execution of arbitrary code.
4) Some security issues and vulnerabilities have been reported in
Adobe Flash Player, which can be exploited by malicious people to
bypass certain security restrictions, manipulate certain data,
conduct cross-site scripting attacks, or disclose sensitive
information.
For more information:
SA32270
5) Multiple integer overflows exist within the "i386_set_ldt()" and
"i386_get_ldt()" system calls, which can be exploited by malicious,
local users to execute arbitrary code with system privileges.
Note: This does not affect PowerPC systems.
6) An infinite loop when handling exceptions in an application linked
to libraries on an NFS share can be exploited to cause a system
shutdown.
7) An integer overflow error exists in the "inet_net_pton()" API of
Libsystem. This can potentially be exploited to e.g. compromise an
application using the vulnerable function.
8) An unspecified error when processing certain input within the
"strptime()" API of Libsystem can be exploited to cause a memory
corruption and potentially execute arbitrary code by e.g. passing a
specially crafted date string to an application using the vulnerable
function.
9) The "Managed Client" functionality does not always apply the
managed screen saver settings correctly, potentially resulting in
e.g. the screen saver lock not working as intended.
10) An infinite loop when processing certain TCP packets exists in
natd, which can be exploited to cause a DoS by sending specially
crafted TCP packets to a vulnerable system.
Successful exploitation requires that Internet Sharing is enabled.
12) An unspecified error within the handling of malformed UDF volumes
can be exploited to cause a system shutdown by e.g. opening a
specially crafted ISO file.
Additionally, this update enhances the CoreTypes "Download
Validation" capability to detect and warn about more potentially
dangerous file types.
http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice
Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of
Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of
Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3338
OTHER REFERENCES:
SA32270:
http://secunia.com/advisories/32270/
.
I.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software Update
or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
Revision History
December 15, 2008: Initial release
| VAR-200812-0361 | CVE-2008-4217 | Arbitrary code execution vulnerability in BOM in Apple Mac OS X |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008.
The security update addresses a total of 10 new vulnerabilities that affect the Apple Type Services, BOM, kernel, Libsystem, Managed Client, natd, and Podcast Producer components of Mac OS X. The advisory also contains security updates for 10 previously reported issues.
This BID is being retired.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
1) An infinite loop when processing certain embedded fonts in PDF
files within the Apple Type Services server can be exploited to cause
a DoS (Denial of Service) by e.g. tricking a user into opening a
malicious PDF file. This can be exploited to execute arbitrary code by
e.g. downloading or viewing a specially crafted CPIO archive.
3) An error within the processing of color spaces within CoreGraphics
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into viewing a specially crafted image.
4) Some security issues and vulnerabilities have been reported in
Adobe Flash Player, which can be exploited by malicious people to
bypass certain security restrictions, manipulate certain data,
conduct cross-site scripting attacks, or disclose sensitive
information.
For more information:
SA32270
5) Multiple integer overflows exist within the "i386_set_ldt()" and
"i386_get_ldt()" system calls, which can be exploited by malicious,
local users to execute arbitrary code with system privileges.
Note: This does not affect PowerPC systems.
6) An infinite loop when handling exceptions in an application linked
to libraries on an NFS share can be exploited to cause a system
shutdown.
7) An integer overflow error exists in the "inet_net_pton()" API of
Libsystem. This can potentially be exploited to e.g. compromise an
application using the vulnerable function.
8) An unspecified error when processing certain input within the
"strptime()" API of Libsystem can be exploited to cause a memory
corruption and potentially execute arbitrary code by e.g. passing a
specially crafted date string to an application using the vulnerable
function.
9) The "Managed Client" functionality does not always apply the
managed screen saver settings correctly, potentially resulting in
e.g. the screen saver lock not working as intended.
10) An infinite loop when processing certain TCP packets exists in
natd, which can be exploited to cause a DoS by sending specially
crafted TCP packets to a vulnerable system.
Successful exploitation requires that Internet Sharing is enabled.
11) An unspecified error within the Podcast Producer server can be
exploited to bypass the authentication mechanism and access
administrative functions.
12) An unspecified error within the handling of malformed UDF volumes
can be exploited to cause a system shutdown by e.g. opening a
specially crafted ISO file.
Additionally, this update enhances the CoreTypes "Download
Validation" capability to detect and warn about more potentially
dangerous file types.
http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice
Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of
Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of
Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3338
OTHER REFERENCES:
SA32270:
http://secunia.com/advisories/32270/
.
I.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software Update
or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
Revision History
December 15, 2008: Initial release
| VAR-200812-0357 | CVE-2008-4222 | Denial of service (DoS) vulnerability in network_cmds in Apple Mac OS X |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
This issue affects Mac OS X 10.4.11, 10.5 through 10.5.5, Server 10.4.11, and Server 10.5 through 10.5.5. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008.
The security update addresses a total of 10 new vulnerabilities that affect the Apple Type Services, BOM, kernel, Libsystem, Managed Client, natd, and Podcast Producer components of Mac OS X. The advisory also contains security updates for 10 previously reported issues.
This BID is being retired. tricking a user into opening a
malicious PDF file.
2) A signedness error when handling certain CPIO archive headers
exists within BOM. This can be exploited to execute arbitrary code by
e.g. downloading or viewing a specially crafted CPIO archive.
3) An error within the processing of color spaces within CoreGraphics
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into viewing a specially crafted image.
Successful exploitation may allow the execution of arbitrary code.
4) Some security issues and vulnerabilities have been reported in
Adobe Flash Player, which can be exploited by malicious people to
bypass certain security restrictions, manipulate certain data,
conduct cross-site scripting attacks, or disclose sensitive
information.
For more information:
SA32270
5) Multiple integer overflows exist within the "i386_set_ldt()" and
"i386_get_ldt()" system calls, which can be exploited by malicious,
local users to execute arbitrary code with system privileges.
Note: This does not affect PowerPC systems.
6) An infinite loop when handling exceptions in an application linked
to libraries on an NFS share can be exploited to cause a system
shutdown.
7) An integer overflow error exists in the "inet_net_pton()" API of
Libsystem. This can potentially be exploited to e.g. compromise an
application using the vulnerable function.
8) An unspecified error when processing certain input within the
"strptime()" API of Libsystem can be exploited to cause a memory
corruption and potentially execute arbitrary code by e.g. passing a
specially crafted date string to an application using the vulnerable
function.
9) The "Managed Client" functionality does not always apply the
managed screen saver settings correctly, potentially resulting in
e.g. the screen saver lock not working as intended.
Successful exploitation requires that Internet Sharing is enabled.
11) An unspecified error within the Podcast Producer server can be
exploited to bypass the authentication mechanism and access
administrative functions.
12) An unspecified error within the handling of malformed UDF volumes
can be exploited to cause a system shutdown by e.g. opening a
specially crafted ISO file.
Additionally, this update enhances the CoreTypes "Download
Validation" capability to detect and warn about more potentially
dangerous file types.
http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice
Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of
Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of
Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3338
OTHER REFERENCES:
SA32270:
http://secunia.com/advisories/32270/
.
I.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software Update
or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
Revision History
December 15, 2008: Initial release