VARIoT IoT vulnerabilities database


VAR-200609-0014 CVE-2006-3507 Apple AirPort wireless drivers vulnerable to integer overflow CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. One of the issues allows code execution in the context of an application using the wireless API. This may lead to denial-of-service conditions or the complete compromise of the affected computer. Apple Mac OS X is the operating system used by the Apple family of machines.

TITLE: Apple Airport Buffer Overflow and Integer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA22068
VERIFY ADVISORY: http://secunia.com/advisories/22068/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE: From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Some vulnerabilities have been reported in AirPort, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) Two boundary errors exist in the handling of malformed wireless network frames. The vulnerability affects the following products equipped with wireless:
* Power Mac
* PowerBook
* iBook
* iMac
* Mac Pro
* Xserve
* PowerPC-based Mac mini

2) A boundary error exists in the AirPort wireless driver's handling of scan cache updates. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and may lead to a system crash, privilege elevation, or execution of arbitrary code with system privileges. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and could crash the application or lead to arbitrary code execution with privileges of the user running the application.

Vulnerabilities #2 and #3 affect Intel-based Mac mini, MacBook, and MacBook Pro equipped with wireless and do not affect systems prior to Mac OS X v10.4.

SOLUTION: Apply Security Update 2006-005 or AirPort Update 2006-001: http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=304420
VAR-200609-0016 CVE-2006-3509 Apple AirPort wireless drivers vulnerable to integer overflow CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. The Apple Mac OS X AirPort wireless driver is prone to multiple buffer-overflow vulnerabilities because it fails to perform sufficient bounds checking before copying data to finite-sized buffers. One of the issues allows code execution in the context of an application using the wireless API. This may lead to denial-of-service conditions or the complete compromise of the affected computer. Apple Mac OS X is the operating system used by the Apple family of machines.

TITLE: Apple Airport Buffer Overflow and Integer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA22068
VERIFY ADVISORY: http://secunia.com/advisories/22068/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE: From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Some vulnerabilities have been reported in AirPort, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) Two boundary errors exist in the handling of malformed wireless network frames. The vulnerability affects the following products equipped with wireless:
* Power Mac
* PowerBook
* iBook
* iMac
* Mac Pro
* Xserve
* PowerPC-based Mac mini

2) A boundary error exists in the AirPort wireless driver's handling of scan cache updates. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and may lead to a system crash, privilege elevation, or execution of arbitrary code with system privileges. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and could crash the application or lead to arbitrary code execution with privileges of the user running the application.

Vulnerabilities #2 and #3 affect Intel-based Mac mini, MacBook, and MacBook Pro equipped with wireless and do not affect systems prior to Mac OS X v10.4.

SOLUTION: Apply Security Update 2006-005 or AirPort Update 2006-001: http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=304420
VAR-200609-0015 CVE-2006-3508 Apple AirPort wireless drivers vulnerable to integer overflow CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. The Apple Mac OS X AirPort wireless driver is prone to multiple buffer-overflow vulnerabilities because it fails to perform sufficient bounds checking before copying data to finite-sized buffers. One of the issues allows code execution in the context of an application using the wireless API. This may lead to denial-of-service conditions or the complete compromise of the affected computer. Apple Mac OS X is the operating system used by the Apple family of machines.

TITLE: Apple Airport Buffer Overflow and Integer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA22068
VERIFY ADVISORY: http://secunia.com/advisories/22068/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE: From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Some vulnerabilities have been reported in AirPort, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) Two boundary errors exist in the handling of malformed wireless network frames. The vulnerability affects the following products equipped with wireless:
* Power Mac
* PowerBook
* iBook
* iMac
* Mac Pro
* Xserve
* PowerPC-based Mac mini

2) A boundary error exists in the AirPort wireless driver's handling of scan cache updates. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and may lead to a system crash, privilege elevation, or execution of arbitrary code with system privileges. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and could crash the application or lead to arbitrary code execution with privileges of the user running the application.

Vulnerabilities #2 and #3 affect Intel-based Mac mini, MacBook, and MacBook Pro equipped with wireless and do not affect systems prior to Mac OS X v10.4.

SOLUTION: Apply Security Update 2006-005 or AirPort Update 2006-001: http://www.apple.com/support/downloads/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=304420
VAR-200609-0414 CVE-2006-4965 Apple QuickTime remote command execution vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system.

Apple QuickTime contains a vulnerability that allows arbitrary commands to be executed. Apple QuickTime is a media player that supports Windows and Apple OS X. A browser plug-in compatible with Internet Explorer, Safari, and Netscape is also provided. When embedding a QuickTime movie in a web page, the page author can use a QuickTime link (.qtl) file to specify parameters for starting an application. One of the parameters that can be specified, qtnext, is used to specify the location of multimedia files to import and play. A vulnerability exists that allows arbitrary commands to be executed using this qtnext parameter. Verification code that uses this vulnerability has already been released. If a user opens a crafted QuickTime file or browses a web page that includes a qtl file, a remote attacker may execute arbitrary commands.

Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl). Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks. QuickTime 7.1.3 is vulnerable; other versions may also be affected.
This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, bypass certain security restrictions, manipulate certain data, and compromise a user's system.

For more information: SA20442 SA22048 SA25904 SA26288 SA27311

SOLUTION: Apply updated packages.
ORIGINAL ADVISORY: http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

OTHER REFERENCES:
SA20442: http://secunia.com/advisories/20442/
SA22048: http://secunia.com/advisories/22048/
SA25904: http://secunia.com/advisories/25904/
SA26288: http://secunia.com/advisories/26288/
SA27311: http://secunia.com/advisories/27311/

via applications invoking Firefox with unfiltered command line arguments.

This is related to: SA22048 SA25984

The security issue affects Firefox prior to version 2.0.0.7.

SOLUTION: Update to version 2.0.0.7.

NOTE: Support for Firefox 1.5.0.x has ended June 2007. The vendor encourages users to upgrade to Firefox 2.

The vulnerability is caused due to an input validation error within the handling of system default URIs with registered URI handlers (e.g. "mailto", "news", "nntp", "snews", "telnet").

using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g. ".bat", ".cmd")

Examples:
mailto:test%../../../../windows/system32/calc.exe".cmd
nntp:../../../../../Windows/system32/telnet.exe" "secunia.com 80%.bat

Successful exploitation requires that Internet Explorer 7 is installed on the system.

The vulnerability is confirmed on a fully patched Windows XP SP2 and Windows Server 2003 SP2 system using Firefox version 2.0.0.5 and Netscape Navigator version 9.0b2.

SOLUTION: Do not browse untrusted websites or follow untrusted links.

PROVIDED AND/OR DISCOVERED BY:
Vulnerability discovered by:
* Billy (BK) Rios
Firefox not escaping quotes originally discussed by:
* Jesper Johansson
Additional research by Secunia Research.

ORIGINAL ADVISORY:
Billy (BK) Rios: http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/

OTHER REFERENCES:
US-CERT VU#783400: http://www.kb.cert.org/vuls/id/783400
Jesper Johansson blog: http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx
National Cyber Alert System Technical Cyber Security Alert TA07-297B Adobe Updates for Microsoft Windows URI Vulnerability Original release date: October 24, 2007 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier Overview Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. I. Description Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150. Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. II. III. Solution Apply an update Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows. Disable the mailto: URI in Adobe Reader and Adobe Acrobat If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details. Appendix A. 
Vendor Information Adobe For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18. Appendix B. References * Adobe Security Bulletin APSB07-18 - <http://www.adobe.com/support/security/bulletins/apsb07-18.htm> * Microsoft Security Advisory (943521) - <http://www.microsoft.com/technet/security/advisory/943521.mspx> * US-CERT Vulnerability Note VU#403150 - <http://www.kb.cert.org/vuls/id/403150> The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-297B.html> Produced 2007 by US-CERT, a government organization. Revision History October 24, 2007: Initial release
Internet web sites are normally not allowed to link to local resources
VAR-200609-0397 CVE-2006-4909 Cisco Guard DDoS Mitigation Appliance Vulnerable to cross-site scripting CVSS V2: 2.6
CVSS V3: -
Severity: LOW
Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. Cisco Guard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the visited site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. When anti-spoofing is enabled, a remote attacker can supply URLs containing certain character sequences that are not properly handled when the device sends a meta-refresh, injecting arbitrary web script or HTML. The vulnerability is caused due to insufficient filtering of a meta-refresh before it is returned to a user. If Cisco Guard is running in active basic protection, going through basic/redirect protection, this can be exploited to execute HTML and script code in a user's browser session by e.g. tricking a user into following a specially crafted URL. The vulnerability affects the following products: - Cisco Guard Appliance version 3.X - Cisco Guard Blade version 4.X - Cisco Guard Appliance versions 5.0(3) and 5.1(5) SOLUTION: Update to version 5.1(6) or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. 
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-guardxss.shtml
VAR-200609-0446 CVE-2006-4911 Cisco IPS fails to properly check fragmented IP packets CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". Cisco IPS systems may fail to check specially-crafted IP packets that are fragmented. The web administration interface of Cisco Intrusion Prevention System and Intrusion Detection System devices fails to properly handle certain Secure Socket Layer packets. This vulnerability may cause a denial of service. Cisco Intrusion Prevention and Intrusion Detection Systems are prone to an inspection-bypass vulnerability. An attacker can exploit this issue to bypass the inspection mechanism. This may allow attackers to covertly attack presumably protected systems. This issue is being tracked by Cisco bug IDs CSCse17206 and CSCsf12379. An attacker can exploit this issue to cause the interface to become unresponsive, effectively denying administrative access to devices. This could allow an attacker to bypass the protection provided by the IPS device and gain access to internal systems. This can be exploited to bypass the Intrusion Prevention System to e.g. The vulnerability is caused due to an error within the processing of SSL v2 client Hello packets. This can be exploited to cause a DoS by sending a specially crafted Hello packet to a vulnerable system. Successful exploitation can cause the mainApp process to fail, stopping a system from responding to remote management request sent to the web administration interface or the command-line interface via SSH, sending SMTP traps, and automatically updating ACLs (Access Control Lists) on remote firewall systems. 
The vulnerability affects the following products: - Cisco IDS 4.1(x) software prior to 4.1(5c) - Cisco IPS 5.0(x) software prior to 5.0(6p1) - Cisco IPS 5.1(x) software prior to 5.1(2) SOLUTION: Apply updated software. Cisco IDS 4.1(5b) and earlier: Update to Cisco IDS 4.1(5c) Cisco IPS 5.0(6p1) and earlier: Update to Cisco IPS 5.0(6p2) Cisco IPS 5.1(1) and earlier: Update to Cisco IPS 5.1(2) PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml OTHER REFERENCES: US-CERT VU#658884: http://www.kb.cert.org/vuls/id/658884
VAR-200609-0490 CVE-2006-4974 Ipswitch WS_FTP LE Vulnerable to buffer overflow CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service. A remote buffer-overflow vulnerability is reported in the Ipswitch WS_FTP client. This issue occurs because the application fails to properly validate the length of user-supplied strings prior to copying them into finite process buffers. An attacker may exploit this issue to cause the affected client to crash. Execution of arbitrary code in the context of the FTP client process may also be possible. Version 5.08 of the affected software is vulnerable; other versions may be affected as well. Ipswitch WS_FTP Server is an FTP service program suitable for Windows systems. WS_FTP Server has a buffer overflow vulnerability when processing the registered super long SITE command locally. Local attackers may use this vulnerability to elevate their privileges. 
TITLE: WS_FTP LE "PASV" Response Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA22032 VERIFY ADVISORY: http://secunia.com/advisories/22032/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: From remote SOFTWARE: WS_FTP LE 5.x http://secunia.com/product/12062/ DESCRIPTION: h07 has discovered a vulnerability in WS_FTP LE, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the handling of responses to the "PASV" command. This can be exploited to cause a buffer overflow by e.g. tricking a user into connecting to a malicious FTP server. SOLUTION: Connect to trusted FTP servers only. Use another product. PROVIDED AND/OR DISCOVERED BY: h07
VAR-200609-0398 CVE-2006-4910 Cisco IPS fails to properly check fragmented IP packets CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. Cisco IPS systems may fail to check specially-crafted IP packets that are fragmented. The web administration interface of Cisco Intrusion Prevention System and Intrusion Detection System devices fails to properly handle certain Secure Socket Layer packets. This vulnerability may cause a denial of service. Cisco Intrusion Prevention and Intrusion Detection Systems are prone to an inspection-bypass vulnerability. An attacker can exploit this issue to bypass the inspection mechanism. This may allow attackers to covertly attack presumably protected systems. This issue is being tracked by Cisco bug IDs CSCse17206 and CSCsf12379. An attacker can exploit this issue to cause the interface to become unresponsive, effectively denying administrative access to devices. Remote attackers may use this vulnerability to cause the management port to fail. This can be exploited to bypass the Intrusion Prevention System to e.g. The vulnerability is caused due to an error within the processing of SSL v2 client Hello packets. This can be exploited to cause a DoS by sending a specially crafted Hello packet to a vulnerable system. Successful exploitation can cause the mainApp process to fail, stopping a system from responding to remote management request sent to the web administration interface or the command-line interface via SSH, sending SMTP traps, and automatically updating ACLs (Access Control Lists) on remote firewall systems. 
The vulnerability affects the following products: - Cisco IDS 4.1(x) software prior to 4.1(5c) - Cisco IPS 5.0(x) software prior to 5.0(6p1) - Cisco IPS 5.1(x) software prior to 5.1(2) SOLUTION: Apply updated software. Cisco IDS 4.1(5b) and earlier: Update to Cisco IDS 4.1(5c) Cisco IPS 5.0(6p1) and earlier: Update to Cisco IPS 5.0(6p2) Cisco IPS 5.1(1) and earlier: Update to Cisco IPS 5.1(2) PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml OTHER REFERENCES: US-CERT VU#658884: http://www.kb.cert.org/vuls/id/658884
VAR-200609-0399 CVE-2006-4950 Cisco products contain hard-coded SNMP values CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. Certain versions of the Cisco IOS software have a hard-coded SNMP read-write community string that cannot be changed by an administrator. This issue allows an attacker to gain unauthorized access to the device and may result in a complete compromise of the device. Cisco IOS is the operating system used by Cisco equipment. The default community strings are the result of inadvertently identifying these devices as supported Data over Cable Service Interface Specification (DOCSIS) compliant interfaces. TITLE: Cisco IOS DOCSIS Community String Vulnerability SECUNIA ADVISORY ID: SA21974 VERIFY ADVISORY: http://secunia.com/advisories/21974/ CRITICAL: Moderately critical IMPACT: System access WHERE: From local network OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to compromise a vulnerable system. 
http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml
VAR-200609-0557 No CVE OSU HTTP Server Multiple Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
OSU is an HTTP server designed for the Compaq/HP OpenVMS operating system. OSU has multiple vulnerabilities in its handling of user requests, and remote attackers may exploit these vulnerabilities to obtain some information about the server. If a file that does not exist is requested from OSU, the full absolute path of the web root may be leaked. In addition, if a specially crafted URL containing a wildcard is submitted, the contents of the directory may be leaked when processing this request. This may allow a malicious user to gain access to sensitive data; information gained may aid in further attacks. Versions 3.11a and 3.10a are vulnerable; other versions may also be affected
VAR-200609-0377 CVE-2006-4887 Apple Remote Desktop Local Authentication Bypass Vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it. Apple Remote Desktop is prone to an authentication-bypass vulnerability. A local attacker can exploit this issue to gain superuser privileges to a vulnerable computer. ARD allows UNIX commands to be sent remotely from a management workstation. Since the ARD administrator may have given sudo access, commands sent remotely may run with root privileges. The LoginWindow process belongs to the logged in user. If the system is in the login window, the LoginWindow process will belong to root. If the system is loaded with a disk image that only root can see, the image will try to appear on the desktop, clicking the mouse will force the display of the desktop and menu, and then the user with physical access to the system will be able to see a finder window, and the root user of the home directory. Users can ignore the login window and then gain full root access
VAR-200609-0296 CVE-2006-4846 Citrix Access Gateway LDAP authentication bypass CVSS V2: 5.1
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. Citrix Access Gateway is prone to an authentication-bypass vulnerability. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. The vulnerability is caused due to an error in the LDAP authentication. Other versions may also be affected. SOLUTION: Apply hotfix AAC420W004. http://support.citrix.com/article/CTX110439 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX110950
VAR-200703-0519 CVE-2007-1495 Denial-of-service (DoS) vulnerability in the \Device\SymEvent driver of Symantec Norton Personal Firewall and other products CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855. This vulnerability is a reintroduction of CVE-2006-4855. A local user may cause a denial of service (system crash) via invalid data. This issue occurs when attackers send malformed data to the 'SymEvent' driver. A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users. Symantec is currently investigating this issue; this BID will be updated as more information becomes available. NOTE: This BID is being retired because it is already covered in BID 20051. Please see the vulnerable systems section for details regarding affected Symantec products.
VAR-200609-0473 CVE-2006-4855 Denial-of-service (DoS) vulnerability in the \Device\SymEvent driver of Symantec Norton Personal Firewall and other products CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymEvent' driver. A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users. Please see the vulnerable systems section for details regarding affected Symantec products. Norton does not adequately protect the \Device\SymEvent driver, nor does it validate its input buffer, allowing Everyone to write data to this driver, which may cause the driver to perform invalid memory operations and crash the entire operating system. The vulnerability is caused due to an error in the handling of data sent to the "\Device\SymEvent" device which is writable by "Everyone". Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: David Matousek ORIGINAL ADVISORY: http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
VAR-200609-0423 CVE-2006-5000 WS_FTP Server Vulnerable to buffer overflow CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WS_FTP Server. Anonymous access or authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of long string arguments to the 'XCRC', 'XSHA1' and 'XMD5' commands leading to a stack overflow vulnerability. Exploitation requires valid or anonymous FTP server credentials. Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities. Updates are available. A successful exploit may lead to remote arbitrary code execution with administrative privileges, facilitating the complete compromise of affected computers. Ipswitch WS_FTP Server 5.04 and 5.05 are vulnerable to these issues; other versions may also be affected. Ipswitch WS_FTP Server is an FTP service program suitable for Windows systems. The exploitation of the vulnerability requires the user to log in to the system with a legal account, but no writable directory is required. ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-06-029.html September 26, 2006 -- CVE ID: CVE-2006-5000 -- Affected Vendor: Ipswitch -- Affected Products: Ipswitch WS_FTP Server v5.04, v5.05 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since September 26, 2006 by Digital Vaccine protection filter ID 4705. -- Vendor Response: Ipswitch has issued an update, version 5.05 Hotfix 1, to correct this vulnerability. 
More details can be found at: http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp -- Disclosure Timeline: 2006.09.01 - Vulnerability reported to vendor 2006.09.26 - Digital Vaccine released to TippingPoint customers 2006.09.26 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by an anonymous researcher.
VAR-200609-0297 CVE-2006-4847 Ipswitch WS_FTP Server Vulnerable to buffer overflow CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities. Updates are available. A successful exploit may lead to remote arbitrary code execution with administrative privileges, facilitating the complete compromise of affected computers. Ipswitch WS_FTP Server 5.04 and 5.05 are vulnerable to these issues; other versions may also be affected. Ipswitch WS_FTP Server is an FTP service program suitable for Windows systems. There is a typical stack overflow vulnerability in WS_FTP when processing overly long XCRC/XSHA1/XMD5 extended command parameters. The exploitation of the vulnerability requires the user to log in to the system with a valid account, but no writable directory is required. TITLE: WS_FTP Server FTP Commands Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA21932 VERIFY ADVISORY: http://secunia.com/advisories/21932/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: WS_FTP Server 5.x http://secunia.com/product/3853/ DESCRIPTION: A vulnerability has been reported in WS_FTP Server, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is due to a boundary error when parsing arguments to the "XCRC", "XSHA1", and "XMD5" commands.
This can be exploited to cause stack-based buffer overflows via overly long command arguments. The vulnerability has been reported in version 5.05. SOLUTION: Apply patch. http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp
VAR-200609-0484 CVE-2006-4866 Apple OS X of kextload Vulnerable to buffer overflow CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. Apple Mac OS X kextload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied data before copying it to a finite-sized memory buffer. This issue is not exploitable by itself, because kextload is not installed as a setuid-superuser application by default. To exploit this issue, an attacker must use another program running with elevated privileges to directly manipulate the arguments passed to kextload. An attacker can exploit this issue to execute arbitrary machine code with superuser privileges. A successful exploit may result in the complete compromise of the affected computer.
VAR-200609-0268 CVE-2006-4802 Symantec AntiVirus Corporate Edition Such as Real Time Virus Scan Format string vulnerability in service CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution. 2) Another format string error exists in the alert notification process when displaying a notification message upon detection of a malicious file. SOLUTION: Apply patches (see patch matrix in vendor advisory). PROVIDED AND/OR DISCOVERED BY: 1) David Heiland, Layered Defense. 2) Reported by the vendor ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html Layered Defense: http://layereddefense.com/SAV13SEPT.html
Debian Security Advisory DSA 1216-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 20th, 2006 http://www.debian.org/security/faq Package : flexbackup Vulnerability : insecure temporary file Problem-Type : local Debian-specific: no CVE ID : CVE-2006-4802 Debian Bug : 334350 Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack. For the stable distribution (sarge) this problem has been fixed in version 1.2.1-2sarge1 For the upcoming stable distribution (etch) this problem has been fixed in version 1.2.1-3. For the unstable distribution (sid) this problem has been fixed in version 1.2.1-3. We recommend that you upgrade your flexbackup package. Upgrade Instructions: wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge Source archives: http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.dsc Size/MD5 checksum: 587 06539319d0534272e216306562677723 http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.diff.gz Size/MD5 checksum: 3546 3365f545bd49464f4e58bacc503f8b28 http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1.orig.tar.gz Size/MD5 checksum: 80158 4955c89dbee354248f354a9bf0a480dd Architecture independent components: http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1_all.deb Size/MD5 checksum: 75836 240f8792a65a0d80b8ef85d4343a4827 These files will probably be moved into the stable distribution on its next update. For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
VAR-200609-0008 CVE-2006-3454 Symantec AntiVirus Corporate Edition Format string vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution. 2) Another format string error exists in the alert notification process when displaying a notification message upon detection of a malicious file. SOLUTION: Apply patches (see patch matrix in vendor advisory). PROVIDED AND/OR DISCOVERED BY: 1) David Heiland, Layered Defense. 2) Reported by the vendor ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html Layered Defense: http://layereddefense.com/SAV13SEPT.html
09/13/2006 - Vendor Public disclosure. 6) Credits Discovered by Deral Heiland, www.LayeredDefense.com 7) References CVE Reference: CVE-2006-3454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3454
VAR-200609-0178 CVE-2006-4774 Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol CVSS V2: 7.8
CVSS V3: -
Severity: 12.40
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition. This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes information on vulnerabilities other than the one named in the title. (CVE-2006-4774) If exploited by a remote attacker, the device could go into a denial of service. 2) Because the configuration revision number is processed as a negative integer, changes to VLAN configuration information are not properly reflected. (CVE-2006-4775) If exploited by a remote attacker, changes to VLAN configuration information may be hindered. 3) Because of a flaw in checking the length of the VLAN name, a heap overflow occurs when processing names longer than 100 characters. (CVE-2006-4776) If exploited by a remote attacker, the device could go into a denial of service or potentially execute arbitrary code. Please refer to the “Overview” for the impact of this vulnerability. These issues include two denial-of-service vulnerabilities and a buffer-overflow vulnerability. Attackers require access to trunk ports on affected devices for VTP packets to be accepted. Attackers may reportedly use the Dynamic Trunking Protocol (DTP) to become a trunking peer to gain required access. By exploiting these issues, attackers may crash affected routers, cause further VTP packets to be ignored, or potentially execute arbitrary machine code in the context of affected devices. Cisco IOS 12.1(19) is vulnerable to these issues; other versions are also likely affected.
2) VTP revision number integer wrap: If an attacker can send VTP updates (summary and subset) to a Cisco IOS or CatOS device, he can choose the revision number of the VTP message himself. IOS will accept the revision number 0x7FFFFFFF. Therefore, this revision number is treated as a large negative value. From this point on, the switch cannot communicate changed VLAN configuration, as all other switches will reject the generated updates. 3) VLAN name heap overflow: If an attacker is able to send VTP updates to the Cisco IOS device, type 2 frames contain record of. One field of the VTP record contains the name of the VLAN, and the other field is the length of the name. If the updated VLAN name is larger than 100 bytes and the VLAN name length field is correct, it causes a heap overflow that can lead to arbitrary code execution on the receiving switch.
TITLE: Cisco IOS VTP Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21896 VERIFY ADVISORY: http://secunia.com/advisories/21896/ CRITICAL: Moderately critical IMPACT: Manipulation of data, DoS, System access WHERE: From local network OPERATING SYSTEM: Cisco IOS 10.x http://secunia.com/product/184/ Cisco IOS 11.x http://secunia.com/product/183/ Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R11.x http://secunia.com/product/53/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: FX has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable network device. This can be exploited to reset the switch with a Software Forced Crash Exception by sending a specially crafted packet to a trunk enabled port. 2) An integer overflow error exists in the VTP configuration revision handling. 3) A boundary error exists in the processing of VTP summary advertisement messages. This can be exploited to cause a heap-based buffer overflow by sending a specially crafted message containing an overly long VLAN name (more than 100 characters) to a trunk enabled port. NOTE: The packets must be received with a matching domain name and a matching VTP domain password (if configured). SOLUTION: A fix is reportedly available for vulnerability #1. The vendor also recommends applying a VTP domain password to the VTP domain (see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: FX, Phenoelit.
ORIGINAL ADVISORY: Phenoelit: http://www.phenoelit.de/stuff/CiscoVTP.txt Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml