VARIoT IoT vulnerabilities database

The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. Linksys SPA941 phones are prone to a remote denial-of-service vulnerability. Linksys SPA941 is a 2-wire or 4-wire IP phone. The Linksys SPA941 phone does not correctly handle the \377 character in the SIP message. If the attacker contains the above character in any part of the FROM header of the sent message, it may cause the phone to restart; if the character is in other positions, it may modify the phone's Generate the content of the reply message. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is caused due to an error in the processing of SIP messages. This can be exploited to reboot the phone by sending specially crafted SIP messages containing "\337" characters. The vulnerability is reported in software version 5.1.5. Other versions may also be affected. SOLUTION: Use only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Radu State ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053959.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. This vulnerability may allow an attacker to cause a denial-of-service condition. IPv6 Type 0 Routing header contains service disruption (DoS) There is a problem. IPv6 specification (RFC2460) So as an extension header Type 0 Specifies the routing header. this is IPv4 In loose source routing Is similar to IPv6 Nodes are required to process packets with this extension header. But using this feature DoS The possibility of attack is pointed out.Service operation interruption by a third party (DoS) An attack may be carried out. For example, it can be assumed that this attack consumes communication bandwidth. IPv6 protocol implementations are prone to a denial-of-service vulnerability due to a design error. This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source Routing Remote Memory Corruption Vulnerability). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:03.ipv6 Security Advisory The FreeBSD Project Topic: IPv6 Routing Header 0 is dangerous Category: core Module: ipv6 Announced: 2007-04-26 Credits: Philippe Biondi, Arnaud Ebalard, Jun-ichiro itojun Hagino Affects: All FreeBSD releases. Corrected: 2007-04-24 11:42:42 UTC (RELENG_6, 6.2-STABLE) 2007-04-26 23:42:23 UTC (RELENG_6_2, 6.2-RELEASE-p4) 2007-04-26 23:41:59 UTC (RELENG_6_1, 6.1-RELEASE-p16) 2007-04-24 11:44:23 UTC (RELENG_5, 5.5-STABLE) 2007-04-26 23:41:27 UTC (RELENG_5_5, 5.5-RELEASE-p12) CVE Name: CVE-2007-2242 I. II. III. An attacker can use vulnerable hosts to "concentrate" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less. Other attacks may also be possible. IV. Workaround No workaround is available. V. Perform one of the following: 1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch # fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_5 src/sys/netinet6/in6.h 1.35.2.5 src/sys/netinet6/in6_proto.c 1.29.2.5 src/sys/netinet6/route6.c 1.10.4.2 RELENG_5_5 src/UPDATING 1.342.2.35.2.12 src/sys/conf/newvers.sh 1.62.2.21.2.14 src/sys/netinet6/in6.h 1.35.2.3.2.1 src/sys/netinet6/in6_proto.c 1.29.2.4.2.1 src/sys/netinet6/route6.c 1.10.4.1.4.1 RELENG_6 src/sys/netinet6/in6.h 1.36.2.8 src/sys/netinet6/in6_proto.c 1.32.2.6 src/sys/netinet6/route6.c 1.11.2.2 RELENG_6_2 src/UPDATING 1.416.2.29.2.7 src/sys/conf/newvers.sh 1.69.2.13.2.7 src/sys/netinet6/in6.h 1.36.2.7.2.1 src/sys/netinet6/in6_proto.c 1.32.2.5.2.1 src/sys/netinet6/route6.c 1.11.2.1.4.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.18 src/sys/conf/newvers.sh 1.69.2.11.2.18 src/sys/netinet6/in6.h 1.36.2.6.2.1 src/sys/netinet6/in6_proto.c 1.32.2.4.2.1 src/sys/netinet6/route6.c 1.11.2.1.2.1 - ------------------------------------------------------------------------- VII. References http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-07:03.ipv6.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD4DBQFGMTlvFdaIBMps37IRApu3AJYsifWIDLcyxNcMdnkvw4nBqXFoAJ43+IzB M5sIdCmLQABByFlbMB2BjQ== =OrNf -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-486-1 July 17, 2007 linux-source-2.6.17 vulnerabilities CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: linux-image-2.6.17-12-386 2.6.17.1-12.39 linux-image-2.6.17-12-generic 2.6.17.1-12.39 linux-image-2.6.17-12-hppa32 2.6.17.1-12.39 linux-image-2.6.17-12-hppa64 2.6.17.1-12.39 linux-image-2.6.17-12-itanium 2.6.17.1-12.39 linux-image-2.6.17-12-mckinley 2.6.17.1-12.39 linux-image-2.6.17-12-powerpc 2.6.17.1-12.39 linux-image-2.6.17-12-powerpc-smp 2.6.17.1-12.39 linux-image-2.6.17-12-powerpc64-smp 2.6.17.1-12.39 linux-image-2.6.17-12-server 2.6.17.1-12.39 linux-image-2.6.17-12-server-bigiron 2.6.17.1-12.39 linux-image-2.6.17-12-sparc64 2.6.17.1-12.39 linux-image-2.6.17-12-sparc64-smp 2.6.17.1-12.39 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change the Ubuntu 6.10 kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (linux-386, linux-powerpc, linux-amd64-generic, etc), a standard system upgrade will automatically perform this as well. Details follow: The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203) The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005) Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000) Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-2242) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453) A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525) An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875) Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876) Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878) Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1-12.39.diff.gz Size/MD5: 2086047 d07f76ec226f706d89a66e0ba3d34d44 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1-12.39.dsc Size/MD5: 2321 af3e3fecf1d80a7aca131bde9a871966 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1.orig.tar.gz Size/MD5: 59339565 2e5451201e38e865cbc7b0717fa124a1 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-doc-2.6.17_2.6.17.1-12.39_all.deb Size/MD5: 4506664 f3307a7a1115f8a279a7ad52d09b251f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-kernel-devel_2.6.17.1-12.39_all.deb Size/MD5: 1097522 5d80796fb704894d1e083d7a4ea4dfa8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1-12.39_all.deb Size/MD5: 46079376 a53f61537b12be4c1886f2578daad04d amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/acpi-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 28612 0b1c6e3ab9284311bfb96e1dcb812fba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 50502 074faf23893f63cef2aaae18f0bf1bc8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 2450 56e11b173c9c8dad3a233777d1c412f6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 40800 c3f23e9745643e33945c50afcd3d1a51 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 113554 98ace1d3b7e9409e5273daaa7b28495c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 44000 323e5cc16b63fd99d133539ddfa2e573 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 54026 2c1a7a6a9036ef0d9d16b82f78e56daa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 189518 10a6605cfc28a6aefd355f1ef716d599 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 40036 41ffb86ffa5d8e12c82c857a1d960b77 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 167756 fc36e453103ee9429469260e56697ac5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 60450 9672dfd9f1976cca1db9d9057027c025 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 154560 94fa3f8b54017625b2856e0399450b36 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 314682 64afdc80508ad9123b636165fe5ada0e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 105986 b9f5813e5daec7a7369e86273902a33e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 1904480 b352f8bcf7f21620ef27b7ac745bd089 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-generic_2.6.17.1-12.39_amd64.deb Size/MD5: 907094 ffde52fea07954ed03bbc4b151a634ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-server_2.6.17.1-12.39_amd64.deb Size/MD5: 913466 19b6851ea5c16833ac07e737d1637591 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.39_amd64.deb Size/MD5: 7429356 31cf4ff7a0b942b456abb41effb01e83 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-generic_2.6.17.1-12.39_amd64.deb Size/MD5: 23872310 671651c6b5237c4b4f9ce0fd87322f81 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-server_2.6.17.1-12.39_amd64.deb Size/MD5: 24446348 54c63b9888616e3dc5181235faec4f7b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-generic_2.6.17.1-12.39_amd64.deb Size/MD5: 2339902 6456d0226e101c5ca46568c0ac07dbc4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-server_2.6.17.1-12.39_amd64.deb Size/MD5: 2338992 4c5a331da5de8f7bd6e901f40d3065cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.39_amd64.deb Size/MD5: 1771236 c3dda7fd5856dedfadb6aeb86b1ee26b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 16792 f4e8db0d007fbf12243bfb4f73e11f54 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 279160 31ace8b9fd8a5783c00432e80ba83e9b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 256924 6c0102de5f392c6255b42d13f36eae6c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 1048458 e85815750204baa4e5121565a05b67e6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 2103870 3956e33e4d012431810b6bd043175b06 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 164430 02411ba7631f36224cc35f8e1467bcd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 10506 7e32828a1b360eefa21a2900a1ec07f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 93362 c0689220349c25b4d18561451af090db http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ntfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 52572 91e1eaf7bc0a1a95deb1e20aa31ee356 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 39814 be7f95804371cf80449ab00ab2b09ef7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 79812 8a5c2917c8e41d88fe4988be3fdf350f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 6336 44fad8c6ef38c0f4054a89482c23b8b1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 9374 e0be83662c3f41cd923cf04523dec121 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 62718 d582dc41e8dc6f9b4264457c40211e8d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 138620 e8b5351aed98cdf9973ad93d132b7905 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 115700 450d8ca2ed5957a321d6c009f3e24847 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 90612 1dc5df5c43ec890f05354ed688cdeb2e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 1286170 5615ec4ce076886b2a0b801c97742102 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 80594 1e611e34d769a2a9311e45b3854f4640 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 13480 4d84bc980757d03a15a41394b1f9a3f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 76264 1de9fdeda144490e5950d96c8d6288a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 36064 0e24439c0e8bc55dd9535faab3ec3b24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 151824 4ef6ee14338003c6bb10427c78c31214 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 53548 374272c14cf4d906d005a3e607970e58 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_amd64.udeb Size/MD5: 323418 51ef4685d9324c266635c8a11ebb59ea i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/acpi-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 21210 7da843c5002c8ea327ccac6e532e8447 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/acpi-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 23806 1a35e88cc19994aacb7a6b717c639c4f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 43876 0f8440080102c2a8a9f5c0f79c6bcdc4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 44474 2572438a66d363fcd09cbfa20bb87a6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 104794 3edc3cc7b75daa93b9fa2a1dd0832b4b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 49408 902b83472a56965fd23558b65848286a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 2362 40d930bb1dd7fcdc88531537ac867601 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 2388 35cbbb51e8258c121b3976abaf028ed3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 35308 396422cb15b83177dcc6940df3503a6e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 36728 2382993640cdc93dcecb8aa07cb9bb83 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 98292 fc5ac72df3f19c0fac45c647e64e6759 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 103506 da1c50087cc38d9e618e0abc50c177c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 38470 9cb694eacd4f35d8428806874930d804 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 39222 8f4f537c7bdf54734b573486d3793928 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 44262 f2558cf0898e04a3fea19c0e89c4ce85 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 44668 62ba6d29e30a08e397bc711c3714c81a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 172752 24357036194451f6e58fa166d5971eeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 175190 88d8a49796dc3a7c55614825470c64ad http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 33750 6700b5682e3fe81736b8304b1c71189f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 34712 e7634d20ac3160d0571c2488e9ecd96f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 140556 2a6634cb2d87c0cce91f516441361147 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 143830 4cb625ed09c696bbbd7e4c8ab3e1a0de http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 51758 fc9f6eaf17a82cb10fef0e946e5e8c69 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 53182 68791aae59f996a1b63d370455564243 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 131598 c83d5b2c8672d64225664c0dfa59bf05 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 139174 7e4ca011696d4606795423eaef77a801 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 288316 5ad389052046deb622f8a4ecc06acc1e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 290684 7a44cec77a36726791bd95cc9c3d61da http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 103540 84f9dd4e0da64b60d505ff32213de564 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 106734 30e33868fef929c1ae9ada34a904612a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 1737886 bb16ec7525631c14034ab29a062ef924 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 1803410 fa07a7b1af1f688576600e39a77d118b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-386_2.6.17.1-12.39_i386.deb Size/MD5: 912538 58e42b87cdb686e3b1a001a5c9d00266 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-generic_2.6.17.1-12.39_i386.deb Size/MD5: 917330 2a79321df3ffa0421730b1d13fdcb2e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-server-bigiron_2.6.17.1-12.39_i386.deb Size/MD5: 921050 cd0b834735573718dc588e33771fc69e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-server_2.6.17.1-12.39_i386.deb Size/MD5: 917220 00bf54643d92b3126916e1389b62b9a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.39_i386.deb Size/MD5: 7424710 152c4c37eeea537c091d3fbaa6ff1a19 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-386_2.6.17.1-12.39_i386.deb Size/MD5: 22850908 896bff490260d2a0a2d1c63587573776 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-generic_2.6.17.1-12.39_i386.deb Size/MD5: 22987088 7532ee46289f43572de6af13d76c8122 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-server-bigiron_2.6.17.1-12.39_i386.deb Size/MD5: 23794716 399fc0c6f4d45108ad848dee3aeb8526 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-server_2.6.17.1-12.39_i386.deb Size/MD5: 23294984 54c7e00442278882a2b5a27a9fc8a4e1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-386_2.6.17.1-12.39_i386.deb Size/MD5: 1961664 54e96b54c3d01492e0defd53212da69c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-generic_2.6.17.1-12.39_i386.deb Size/MD5: 2029428 dc8fd23f7eacf60b79458d980c0be8ce http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-server-bigiron_2.6.17.1-12.39_i386.deb Size/MD5: 2067220 8d62edb94a89bb94b9c3ae0c678afdfe http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-server_2.6.17.1-12.39_i386.deb Size/MD5: 2029160 deca25a0d751c2907ec756efed4e818f http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.17/linux-image-kdump_2.6.17.1-12.39_i386.deb Size/MD5: 21530894 3b57d3f94af90d5f1c1a3cc26910922b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.39_i386.deb Size/MD5: 1771222 71c763e96fa18da947dc6eee6273f996 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 15370 10cfc18907f69359d1bdbf2f78d26d08 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 15736 35362bfbf692db23fa6ce4701fec17f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 253308 26b726d039e835abbd7b1b7f2505b15b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 263850 5dab11c3c728f078b7af1a07db1bee55 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 220370 f17526b4a1d385552171a60962087c12 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 227608 d7e47e9512916d938c43e591b43b0ace http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 1048352 6c6c9c78e73ec9f7971fe63cf49b8c16 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 1048472 d07c2b1c54c9edac2e5a975832e1276b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 2092200 94b08a57d9befd744d4a7dd984c46832 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 2142860 1823a89cdaa80f133c3042ef6027906d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 156874 8252c3c9f39252cee290205f86f3eac5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 152152 3445e3338b9c17bcb43bb4a910f56948 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 9180 b266fb5d5b4f747c79c34543d2edcbde http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 9658 e855025e195c2f8f173fae055a249a3f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 79224 b9faa2fe32fb6615b36cb5d771d195fb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 81764 22a1775183f30e2af51c6422d7b0ffd7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ntfs-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 55084 f8b386e3cf4128da93fdc168172b931d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ntfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 56734 4642732b2d53ec2974622eab1be5b036 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 34484 ae3b8321a6c2e72ce1d73aaeb51a290b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 35412 5a130ce6dd2a832191ecb3c06a936fda http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 85866 9a4364e45eb252c42c8467b5aac3238f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 87432 b52be9db245f990905b0d9ebc6dd57c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 6084 dcf193961a372c692a2eae91b3f632f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 6096 99a48360f55afe690f9473e34b6f1799 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 8608 9ec3749db2fb4fe85b772cb565ad04ee http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 8902 5cf288f11f076cf4493acb3462185a19 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 52684 b9d4b121f3ae3f4e9a59e8ef6db2cdb6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 55112 72dba23de6f18debf662694afd1c86ca http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 129982 3cf698040f21e94ef38da5245d398564 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 132968 6da10555d56c7a4e80b59b90af9829ee http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 99866 7f593b5372383a266557d38d6ef879d8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 101174 3b572152c1463d1515c31a73f990d2a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 79568 d5b9488f8e66089a93368f970d7c9aea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 80934 ba31c0d5c7ee98e076e9e3044dd8dac3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 1394930 8f0491b599a89d26ae8fdda93cf47535 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 1398114 9f7edf4e56a5a5363458792fbe1832e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 69148 7be68924e4c4e55ffc329ba1b30e7482 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 71082 3e9618027770b0bcc5ad955e3809081c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 11422 450542ce7fbcd5144c8ee376fc9d38ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 11980 f2779c8454730ccb72358ccca660e0d6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 62478 51c02138465bcc89c68c9701b275c5dd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 63808 eeaf8f81dfe946df62111a7ea8cbdc9e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 36008 ef4b454375feece71b44259e2a20d752 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 36522 194f8344fe8660a789069cfbb99b4369 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 127288 4eb7f58f56d296423a57d6f7a562bf96 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 131320 cca3b2c3fcb5bc7f991af37e1a7f7a1d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 46806 9f859879ca4e693a42f4da083661ba0c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 47566 6fc3e9a1e7766bbca3bc5489258d56e4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-386-di_2.6.17.1-12.39_i386.udeb Size/MD5: 311902 3f6da4553365c0d510f4556510396b72 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-generic-di_2.6.17.1-12.39_i386.udeb Size/MD5: 318658 d5c418b0d20538a0cd7aafb8ec1aa0b2 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/affs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 23240 66f5bf514de994d84915d882d5a611f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/affs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 26082 6be2f4d3f90adba4e6d98973677b2190 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 48586 53fd8c1845bfdcbb7e5e29b107a276c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 52034 603d87b3bbd90eba2f634ab2a9618972 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 2320 e219fa60c226159fc90d6df2804347f4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 2514 e1a6b95c138f84b6a50230c459e371eb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 39142 8a31b03d64d142dc174f29ddfd6469e8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 43164 c6812e8fc74cc275abbf1ad8923cd95f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 111464 7687c500326dd4c20331762277160582 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 122272 b554f0b20dcd0ebfce5ca985dd15a52e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 40406 f65f76d5ff504a1e7126489858150a81 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 46878 9c14a66ff520fb173f2ec3541627f65b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 28064 8c8f4414d68106d96c0cb147375beac4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 29046 7528aa197e90533bc51c5a2faac3188d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 209724 a8697532cb81b2eb1601bcb57f398109 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 225682 0d1c7a72f611eec4e336faac7dd9893d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 44588 8ee2bf4db312823e9e19fc0701170839 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 40180 af520f3f82ae6373ecf050f6a0515bc6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fs-common-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 1960 430d783ddeaa411aa03723cb931f03a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fs-common-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 2232 a4ada90e401800c697cc60b0e396e932 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/hfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 79296 02e167b7c3776269d66103ca8e2d62d6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/hfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 86612 82fb17eba860416a510aa5d7b050c784 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 110262 c7dc1577ba7760981d7db9598a40137d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 127800 53fbdb953cb85dede0a7e264330927cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 55672 be221f80a184537ce3a0f2fa02b6824a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 61924 0ea661a0734d702381f0903e4296c237 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 141124 47ad113d4a43d19a08b81576ad604089 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 158556 5202300b269311ce4714754eff59efad http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 314556 391adbaa26d02a6890c6b28aef0020fd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 289916 4f5665cc6d901f0d2d7fd35f3db4e615 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 113204 86bd467218a4316dde6d8e2960f4ca9d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 116436 2b0ea85fd8ec23b7d8a7b626e7347d27 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 2052172 da6d033827867bd628c714edff14a8b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 2771818 3c384239bea32e48f696d7d30f847746 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-powerpc-smp_2.6.17.1-12.39_powerpc.deb Size/MD5: 915864 d03bcf64df6e31149bd4b019ed60deb2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-powerpc64-smp_2.6.17.1-12.39_powerpc.deb Size/MD5: 920336 2162b15d8aea5ee373c22c874a22526b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-powerpc_2.6.17.1-12.39_powerpc.deb Size/MD5: 917858 516bcad3769297d3eef7f6d607bf35a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.39_powerpc.deb Size/MD5: 7445094 549c0326666219ba0086efade9610992 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-powerpc-smp_2.6.17.1-12.39_powerpc.deb Size/MD5: 22719040 66394a300073c7ba74ef5c80d8bb65d0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-powerpc64-smp_2.6.17.1-12.39_powerpc.deb Size/MD5: 24606070 ec3fa905f30188ea9e833087c913f7af http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-powerpc_2.6.17.1-12.39_powerpc.deb Size/MD5: 22427416 80377ed086d753ab3c77f7a402fea432 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-powerpc-smp_2.6.17.1-12.39_powerpc.deb Size/MD5: 2042736 accb89985e59b51a14a26a2bbf0c2beb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-powerpc64-smp_2.6.17.1-12.39_powerpc.deb Size/MD5: 2589636 3113e56b1500407f0395c4997cbb2fc0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-powerpc_2.6.17.1-12.39_powerpc.deb Size/MD5: 1969034 689cc515c3fe9b9dd65c6340fb7122ea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.39_powerpc.deb Size/MD5: 1729872 c6ee6d64e4fcdc422c24a20f756140a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 17430 091a6b837b4f03a4e01d085d382aa5b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 17360 d81498196e5cc7ec40c6fcae5e0f8b57 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 258062 7cdc8ec029091506a1b39475c252e4dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 297904 bbb079ce725c0f5b5db736c2e034ac9a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 239038 6144f028649a23faf13a4b4611c811e9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 266536 19c8662f8f7ee669e3f618cbc68b4fd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 1048448 2d219f4cc488a3a5de3534fcc003b4c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 1048588 65293d6fcac990bda20e84635efa96aa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 2098394 4fecae0ee0d1ad474f2e9b440bb50c76 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 2331766 fe68e08970accf65a0d5106e639f87ea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 233858 fbd8ae40c9e092e8f6ef3ef89b5fa034 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 214704 d1c180af3cee5d80a0c6e045ab7cca66 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 12696 46e06747d49b64cce513633b79b00111 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 13316 61b3b6a0c84695365661f6ea8697d7f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 83240 0dc567f9c97d271aebe807ec017454a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 97162 85d44740ed633723dac4810b60a4941a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 71160 cc8f7ddf940a1dc28540b951d600494a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 84188 7c3bcdb3c9f430a83fe217c3f608e987 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 6346 501b4f81087de783cb047beccd821e16 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 6890 3fc743c702743c64626afb149611772e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 57002 13f8831879808c97eff7bd30fac4ffd9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 69202 ab86b925064cd257a09f4c0b18ecfcc5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 128618 15deac4a700effc177eb788d2ab7a483 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 156242 50b0643e2ed32e9155272f20acd92379 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 109764 5e9925bddb96efdb84a8c719c4815495 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 133040 aecf93580b62a1b25e346595c0a232e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 86612 20f2a685e18d0ad56f8d34d0343d921e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 94826 01743e049cfef3843e781189aa3d1497 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 1511478 4660787ea1a93756c0c0dd869c221023 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 1521588 d70e9fa47808f171ac95c169c6e29177 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 101306 c55cc8f4ff26c9e82f2f3ebf3b81388c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 115560 37bdd2239d7c633267fe0441ed93f988 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 12206 36f00173ddd7427b7540f81a56503c1d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 14294 c4c8a72bc8944313aac2200cc04e97ae http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 84678 1dd8aa1c4555a8459dae275aaac03aa9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 87956 19bca79086e039ba65e5a72d8d359f75 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 37278 c2bd19dca9c56862aa93460ccb8751ae http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 40252 1483517a7607b74fa6fcbcc22ab5fdd6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 139996 26c86dc67c3a654d8f1ec87ffa2fca28 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 161492 ebe28ec47f8f488e2235d7913a02d046 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 49996 ec1ed33de95bdb1c37aa9a9bd34bd69f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 54876 7e9284172eac7124fa71724d66d1b636 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 308218 7f86cf616bb7ab1db75697f678ea6acd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.39_powerpc.udeb Size/MD5: 330232 403f447d858dbe8c55c33563b7cf1eb5 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 50734 bb2efbe1b281982ecde5580ab6fe3b50 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 2388 5b3124294cced1f9c01bef0f54b3e6be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 40670 d5285a397b2cfbfa99b5c31547a1630d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 112228 228400863e74dde11225e875b61afc14 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 41754 fc6f0b3e063713229519155b8084a67d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 105100 b9ea17239e0badbbebcccd6fbc32e802 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 6860 3fb7358ac5a7381d52295f06bc623ab7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 147570 fa000eaaca4c2d10302b5a0d2bc69cb4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 1840714 1842940403b8e2e931a44eb01359bfe6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-sparc64-smp_2.6.17.1-12.39_sparc.deb Size/MD5: 812940 f9a5e0636476d16cec2229e413043766 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-sparc64_2.6.17.1-12.39_sparc.deb Size/MD5: 808176 2b5aebefa48c28a7c5d4209aab7033cb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.39_sparc.deb Size/MD5: 7424164 c74ba68d7311108b74006d980dd10dde http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-sparc64-smp_2.6.17.1-12.39_sparc.deb Size/MD5: 15626704 1e4b8d0931b65f611d65703b0ec0f36e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-sparc64_2.6.17.1-12.39_sparc.deb Size/MD5: 15290014 3a50dbd38c7755fe3ff318b060cc1220 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-sparc64-smp_2.6.17.1-12.39_sparc.deb Size/MD5: 2172050 ba0f7981b554898adfc969fb69ccf64b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-sparc64_2.6.17.1-12.39_sparc.deb Size/MD5: 2086206 09f393da6d5146f7dce916f54f3d7691 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.39_sparc.deb Size/MD5: 1813150 e3b3905635f967a48624137edcdbb27b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 7404 ea3a9c628a0abb24538ddbe64f19492e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 263986 2619285b2ab85918a65c1e23aac157b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 229210 dc1d9b2fd9a2bb983a928a1c901232cf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 1048450 a8621025ef6733f91c55ac4faca6e969 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 1922014 0d453425af2422b8cdbf51befa1549c1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 9916 70e259e5700fbdb85527cded08f64ed6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 40360 789d5ef17ef193756a42a6b9fc0aa33d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 8718 501c7f5bdcbfa3d4cee868f09173ccc3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 59388 36b36d79b6c3ac4ae081211a23ceb9bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 162874 6a197706de5114d0fab66cae0bd63ffc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 66650 89d73eaf9ae8e6cf12ef9eb419bcec66 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 855816 f89556200a52867a2c1a02d2ca43ac99 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 51828 f226534e06e281c35a9c46e7fc163f2e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 38424 9896fecebac71aa51c4770188e89a9b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-sparc64-di_2.6.17.1-12.39_sparc.udeb Size/MD5: 283108 4ef6014b80d06c5db64affc1b671ee8a . Details follow: A buffer overflow was discovered in the Moxa serial driver. A local user could manipulate this to send signals to processes they would not normally have access to. The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments (CVE-2007-1497). A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions (CVE-2007-2172). A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size (CVE-2007-3105). The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG) (CVE-2007-3848). The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register (CVE-2007-4573). In addition to these security fixes, other fixes have been included such as: - The 3w-9xxx module was updated to version 9.4.1.2, adding support for 9650SE - Fixed the build of e1000-ng - Added NIC support for MCP55 - Added LSI Logic MegaRAID SAS 8300XLP support To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1497 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573 _______________________________________________________________________ Updated Packages: Corporate 4.0: 3657c208eeb3c079d9ff0a4ca55a9b03 corporate/4.0/i586/kernel-2.6.12.32mdk-1-1mdk.i586.rpm 0cd8fd1c504f3365fe503c4fd627b6ea corporate/4.0/i586/kernel-BOOT-2.6.12.32mdk-1-1mdk.i586.rpm fbabe3497810452a0052bc67a5fb4f29 corporate/4.0/i586/kernel-doc-2.6.12.32mdk-1-1mdk.i586.rpm 02edfc1bbb2bd826c4a9152d670cc2cc corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.32mdk-1-1mdk.i586.rpm 88b0876de92beff866bb91ba57be0a70 corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.32mdk-1-1mdk.i586.rpm e813926dc184e911deb62a1e34cff8ed corporate/4.0/i586/kernel-smp-2.6.12.32mdk-1-1mdk.i586.rpm a8011ebbe529551463f87cc22f3da22f corporate/4.0/i586/kernel-source-2.6.12.32mdk-1-1mdk.i586.rpm 813ba955a1e9b5ff9834aeebbe477a93 corporate/4.0/i586/kernel-source-stripped-2.6.12.32mdk-1-1mdk.i586.rpm be08ad30fbc3988f654c1532e73fc330 corporate/4.0/i586/kernel-xbox-2.6.12.32mdk-1-1mdk.i586.rpm 5894ac0216cf38203d2002a19db70c15 corporate/4.0/i586/kernel-xen0-2.6.12.32mdk-1-1mdk.i586.rpm 62d5b93083df571edbf8785bc754dd6e corporate/4.0/i586/kernel-xenU-2.6.12.32mdk-1-1mdk.i586.rpm 423fe3296a56ff845fd643890663cdee corporate/4.0/SRPMS/kernel-2.6.12.32mdk-1-1mdk.src.rpm Corporate 4.0/X86_64: a51bd78ce00e65f7521625c8c67605f0 corporate/4.0/x86_64/kernel-2.6.12.32mdk-1-1mdk.x86_64.rpm 8d407ed81be714537c2c957918cedfed corporate/4.0/x86_64/kernel-BOOT-2.6.12.32mdk-1-1mdk.x86_64.rpm 730c0bae9b443e5f9d8cb3c8a3486488 corporate/4.0/x86_64/kernel-doc-2.6.12.32mdk-1-1mdk.x86_64.rpm 06391bd475945e8a8b76dcb33989fc83 corporate/4.0/x86_64/kernel-smp-2.6.12.32mdk-1-1mdk.x86_64.rpm bc9c9a881f18b5c2f892684aaeee84cf corporate/4.0/x86_64/kernel-source-2.6.12.32mdk-1-1mdk.x86_64.rpm b0240b751985babe1aabda9c9e231a92 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.32mdk-1-1mdk.x86_64.rpm b1b4750de7daf9cb12ed0057a8851f32 corporate/4.0/x86_64/kernel-xen0-2.6.12.32mdk-1-1mdk.x86_64.rpm 915a8eb87a9fc0c0deab5e696f27c59b corporate/4.0/x86_64/kernel-xenU-2.6.12.32mdk-1-1mdk.x86_64.rpm 423fe3296a56ff845fd643890663cdee corporate/4.0/SRPMS/kernel-2.6.12.32mdk-1-1mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHE+PimqjQ0CJFipgRAprEAKCoEfNhoDZrxQng2IYqYumR/3zVvACeOoJQ 51R6ymKyEZNBb9xnSWE/E64= =QWz7 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. Safari Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The flaw exists within the QuickTime Java extensions (QTJava.dll), specifically the routine toQTPointer() exposed through quicktime.util.QTHandleRef. A lack of sanity checking on the parameters passed to this routine, through the Java Virtual Machine (JVM), allows an attacker to write arbitrary values to memory. This can be leveraged to execute arbitrary code under the context of the current user. Example code execution vectors include Microsoft Internet Explorer, Mozilla Firefox and Apple Safari. This vulnerability affects the latest versions of both the MacOS and Windows operating systems, including MacOS 10.4.9 and Windows Vista. QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer. The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be installed. Failed exploit attempts will likely result in denial-of-service conditions. This issue is exploitable through both Safari and Mozilla Firefox running on Mac OS X. Reports indicate that Firefox on Windows platforms may also be an exploit vector. Reports also indicate that Internet Explorer 6 and 7 running on Windows XP may be an exploit vector, but that a sandboxing feature may interfere with successful exploits. Neither of these points has been confirmed. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-023.html May 1, 2007 -- CVE ID: CVE-2007-2175 -- Affected Vendor: Apple -- Affected Products: Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since April 23, 2007 by Digital Vaccine protection filter ID 5310, 5311. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://docs.info.apple.com/article.html?artnum=305446 -- Disclosure Timeline: 2007.04.23 - Vulnerability reported to vendor 2007.04.23 - Digital Vaccine released to TippingPoint customers 2007.05.01 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by Dino A. Dai Zovi. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Java Handling Unspecified Code Execution SECUNIA ADVISORY ID: SA25011 VERIFY ADVISORY: http://secunia.com/advisories/25011/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ Apple Quicktime 6.x http://secunia.com/product/810/ Apple Quicktime 5.x http://secunia.com/product/215/ Apple Quicktime 4.x http://secunia.com/product/7923/ Apple Quicktime 3.x http://secunia.com/product/10883/ DESCRIPTION: A vulnerability has been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. Other browsers and platforms may also be affected. SOLUTION: Disable Java support. Do not browse untrusted websites. PROVIDED AND/OR DISCOVERED BY: Dino Dai Zovi ORIGINAL ADVISORY: Matasano: http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. Safari is prone to a denial-of-service vulnerability. Apple Safari is a web browser software. This JavaScript pairs regular expressions against long strings

Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments.". WSFTP is prone to a remote denial-of-service vulnerability. WS_FTP Home is a fast, powerful FTP client program. The NetscapeFTPHandler function of WS_FTP Home has a null pointer reference when processing user input. Local attackers may use this vulnerability to cause denial of service to the server program. ESI 00000000 75DC3E09 MOVZX EAX,WORD PTR [ESI] If the function is executed with incorrect parameters: int Initialize ( char *str1, char *str2) may trigger this vulnerability, resulting in denial of service

vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. Multiple Check Point ZoneAlarm products are prone to local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain elevated privileges and completely compromise an affected computer. These issues have been confirmed in: ZoneAlarm 6.5.737 ZoneAlarm Security Suite 5.5.062.004 and 6.5.737. Other versions are likely vulnerable as well. NOTE: This BID is being retired because it is a duplicate of BID 25365 (Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities). The following are vulnerable: - Versions prior to ZoneAlarm 7.0.362 - Zone Labs products that include 'vsdatant.sys' 6.5.737.0. ZoneAlarm is a personal computer firewall that protects personal data and privacy. There are multiple security vulnerabilities in the implementation and installation of ZoneAlarm, local attackers may use this vulnerability to elevate their own privileges. Since some programs run as system services, attackers can replace the installed ZoneAlarm files with their own code, which will then be executed with system-level privileges. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: ZoneAlarm Products Insecure Directory Permissions and IOCTL Handler Privilege Escalation SECUNIA ADVISORY ID: SA26513 VERIFY ADVISORY: http://secunia.com/advisories/26513/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: ZoneAlarm 6.x http://secunia.com/product/5806/ ZoneAlarm 7.x http://secunia.com/product/13889/ ZoneAlarm 5.x http://secunia.com/product/4647/ ZoneAlarm Pro 5.x http://secunia.com/product/4280/ ZoneAlarm Pro 6.x http://secunia.com/product/6071/ ZoneAlarm Security Suite 5.x http://secunia.com/product/4272/ ZoneAlarm 2.x http://secunia.com/product/3056/ ZoneAlarm 3.x http://secunia.com/product/153/ ZoneAlarm 4.x http://secunia.com/product/150/ ZoneAlarm Anti-Spyware 6.x http://secunia.com/product/6073/ ZoneAlarm Antivirus 5.x http://secunia.com/product/4271/ ZoneAlarm Antivirus 6.x http://secunia.com/product/6074/ ZoneAlarm Internet Security Suite 6.x http://secunia.com/product/6072/ ZoneAlarm Plus 3.x http://secunia.com/product/3057/ ZoneAlarm Plus 4.x http://secunia.com/product/151/ ZoneAlarm Pro 2.x http://secunia.com/product/152/ ZoneAlarm Pro 3.x http://secunia.com/product/1960/ ZoneAlarm Pro 4.x http://secunia.com/product/1961/ ZoneAlarm Wireless Security 5.x http://secunia.com/product/4648/ DESCRIPTION: Some vulnerabilities and a security issue have been reported in ZoneAlarm products, which can be exploited by malicious, local users to gain escalated privileges. 1) Insufficient address space verification within the 0x8400000F and 0x84000013 IOCTL handlers of vsdatant.sys and insecure permissions on the "\\.\vsdatant" device interface can be exploited to e.g. access the said IOCTL handlers and overwrite arbitrary memory and execute code with kernel privileges. 2) Insecure default Access Control List (ACL) settings when ZoneAlarm tools are installed can be exploited to gain escalated privileges by replacing certain files. SOLUTION: Update to version 7.0.362. 2) Discovered by an anonymous person and reported via iDefense Labs. ORIGINAL ADVISORY: iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585 Reversemode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . BACKGROUND Zone Alarm products provide security solutions such as anti-virus, firewall, spy-ware, and ad-ware protection. The vsdatant.sys driver, also known as the TrueVector Device Driver, is the core firewall driver in ZoneAlarm products. http://www.zonelabs.com/ II. The problems specifically exist within the IOCTL handling code in the vsdatant.sys device driver. The device driver fails to validate user-land supplied addresses passed to IOCTL 0x8400000F and IOCTL 0x84000013. Since the Irp parameters are not correctly validated, an attacker could utilize these IOCTLs to overwrite arbitrary memory with the constant double-word value of 0x60001 or the contents of a buffer returned from ZwQuerySystemInformation. This includes kernel memory as well as the code segments of running processes. III. The access control mechanisms under a default installation allow restricted accounts to access the affected device drivers. IV. V. WORKAROUND Changing the access control mechanisms for the affected device drivers will prevent exploitation by restricted accounts. VI. http://www.zonealarm.com/store/content/catalog/products/trial_zaFamily/trial_zaFamily.jsp VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-4216 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 12/19/2006 Initial vendor notification 12/20/2006 Initial vendor response 08/20/2007 Coordinated public disclosure IX. CREDIT These vulnerabilities were reported to iDefense by Ruben Santamarta of reversemode.com. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2007 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. Check Point ZoneAlarm is prone to multiple local privilege-escalation vulnerabilities. On a default installation, only certain restricted accounts can access the vulnerable sections of the application. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. ZoneAlarm is a personal computer firewall that protects personal data and privacy. There is a vulnerability in ZoneAlarm's srescan.sys driver implementation. Local attackers may use this vulnerability to elevate their privileges in the system. The IOCTL handling code of the srescan.sys device driver does not correctly handle userland addresses passed to IOCTL 0x22208F and IOCTL 0x2220CF. In the case of IOCTL 0x2220CF, the attacker can write the constant double word value 0x30000; in the case of IOCTL 0x22208F, the attacker can write the contents of the ZwQuerySystemInformation return buffer. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: ZoneAlarm Products SRESCAN.SYS IOCTL Handler Privilege Escalation SECUNIA ADVISORY ID: SA24986 VERIFY ADVISORY: http://secunia.com/advisories/24986/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: ZoneAlarm 4.x http://secunia.com/product/150/ ZoneAlarm 3.x http://secunia.com/product/153/ ZoneAlarm 2.x http://secunia.com/product/3056/ ZoneAlarm 5.x http://secunia.com/product/4647/ ZoneAlarm 6.x http://secunia.com/product/5806/ ZoneAlarm 7.x http://secunia.com/product/13889/ ZoneAlarm Anti-Spyware 6.x http://secunia.com/product/6073/ ZoneAlarm Antivirus 5.x http://secunia.com/product/4271/ ZoneAlarm Antivirus 6.x http://secunia.com/product/6074/ ZoneAlarm Internet Security Suite 6.x http://secunia.com/product/6072/ ZoneAlarm Plus 3.x http://secunia.com/product/3057/ ZoneAlarm Plus 4.x http://secunia.com/product/151/ ZoneAlarm Pro 2.x http://secunia.com/product/152/ ZoneAlarm Pro 3.x http://secunia.com/product/1960/ ZoneAlarm Pro 4.x http://secunia.com/product/1961/ ZoneAlarm Pro 5.x http://secunia.com/product/4280/ ZoneAlarm Pro 6.x http://secunia.com/product/6071/ ZoneAlarm Security Suite 5.x http://secunia.com/product/4272/ ZoneAlarm Wireless Security 5.x http://secunia.com/product/4648/ DESCRIPTION: Some vulnerabilities have been reported in ZomeAlarm products, which can be exploited by malicious, local users to gain escalated privileges. Insufficient address space verification within the 0x22208F and 0x0x2220CF IOCTL handlers of SRESCAN.SYS and insecure permissions on the \\.\SreScan DOS device interface can be exploited to e.g. The vulnerabilities are reported in SRESCAN.SYS version 5.0.63.0 included in the free version of ZoneAlarm. Other versions may also be affected. SOLUTION: Update to version 5.0.156.0 or higher of the ZoneAlarm Spyware Removal Engine (current deployed version is 5.0.162.0). http://www.zonealarm.com/store/content/catalog/download_buy.jsp?dc=12bms&ctry=US&lang=en PROVIDED AND/OR DISCOVERED BY: Discovered by Ruben Santamarta and reported via iDefense Labs. ORIGINAL ADVISORY: iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517 Reversemode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=48 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. Nortel VPN routers are prone to multiple remote unauthorized-access vulnerabilities due to design errors. Successful exploits will allow attackers to access administrative functionality and completely compromise vulnerable devices or gain direct access to the private network. This issue affects all model numbers for Nortel VPN Routers 1000, 2000, 4000, 5000. Nortel VPN routers were formerly known as Contivity. Nortel VPN routers provide routing, VPN, firewall, bandwidth management, encryption, authentication, and data integrity functions for secure connections over IP networks and the Internet. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Nortel VPN Router Default User Accounts and Missing Authentication Checks SECUNIA ADVISORY ID: SA24962 VERIFY ADVISORY: http://secunia.com/advisories/24962/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data WHERE: >From remote OPERATING SYSTEM: Nortel Contivity VPN Switches http://secunia.com/product/2425/ Nortel VPN Routers http://secunia.com/product/2426/ DESCRIPTION: A vulnerability and a security issue have been reported in Nortel VPN Routers, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data. 1) Two default user accounts ("FIPSecryptedtest1219" and "FIPSunecryptedtest1219") are configured on the VPN Router, which are not readily visible to the system manager. 2) Missing authentication checks within two template files of the web management tool can be exploited to e.g. modify certain router configurations. The vulnerability and security issue reportedly affect the following products: * Contivity 1000 VPN Switch * Contivity 2000 VPN Switch * Contivity 4000 VPN Switch * VPN Router 5000 *VPN Router Portfolio SOLUTION: Update to versions 6_05.140, 5_05.304, or 5_05.149. PROVIDED AND/OR DISCOVERED BY: The vendor credits Detack GmbH. ORIGINAL ADVISORY: Nortel: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. Nortel VPN routers are prone to multiple remote unauthorized-access vulnerabilities due to design errors. This issue affects all model numbers for Nortel VPN Routers 1000, 2000, 4000, 5000. Nortel VPN routers were formerly known as Contivity. Nortel VPN routers provide routing, VPN, firewall, bandwidth management, encryption, authentication, and data integrity functions for secure connections over IP networks and the Internet. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Nortel VPN Router Default User Accounts and Missing Authentication Checks SECUNIA ADVISORY ID: SA24962 VERIFY ADVISORY: http://secunia.com/advisories/24962/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data WHERE: >From remote OPERATING SYSTEM: Nortel Contivity VPN Switches http://secunia.com/product/2425/ Nortel VPN Routers http://secunia.com/product/2426/ DESCRIPTION: A vulnerability and a security issue have been reported in Nortel VPN Routers, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data. 1) Two default user accounts ("FIPSecryptedtest1219" and "FIPSunecryptedtest1219") are configured on the VPN Router, which are not readily visible to the system manager. 2) Missing authentication checks within two template files of the web management tool can be exploited to e.g. modify certain router configurations. An issue regarding same DES keys used to encrypt user's passwords has also been reported, which can facilitate brute-force attacks on user's passwords if the attacker were to gain access to the LDAP store. The vulnerability and security issue reportedly affect the following products: * Contivity 1000 VPN Switch * Contivity 2000 VPN Switch * Contivity 4000 VPN Switch * VPN Router 5000 *VPN Router Portfolio SOLUTION: Update to versions 6_05.140, 5_05.304, or 5_05.149. PROVIDED AND/OR DISCOVERED BY: The vendor credits Detack GmbH. ORIGINAL ADVISORY: Nortel: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. Nortel VPN routers are prone to multiple remote unauthorized-access vulnerabilities due to design errors. Successful exploits will allow attackers to access administrative functionality and completely compromise vulnerable devices or gain direct access to the private network. This issue affects all model numbers for Nortel VPN Routers 1000, 2000, 4000, 5000. Nortel VPN routers were formerly known as Contivity. Nortel VPN routers provide routing, VPN, firewall, bandwidth management, encryption, authentication, and data integrity functions for secure connections over IP networks and the Internet. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Nortel VPN Router Default User Accounts and Missing Authentication Checks SECUNIA ADVISORY ID: SA24962 VERIFY ADVISORY: http://secunia.com/advisories/24962/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data WHERE: >From remote OPERATING SYSTEM: Nortel Contivity VPN Switches http://secunia.com/product/2425/ Nortel VPN Routers http://secunia.com/product/2426/ DESCRIPTION: A vulnerability and a security issue have been reported in Nortel VPN Routers, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data. 1) Two default user accounts ("FIPSecryptedtest1219" and "FIPSunecryptedtest1219") are configured on the VPN Router, which are not readily visible to the system manager. 2) Missing authentication checks within two template files of the web management tool can be exploited to e.g. modify certain router configurations. An issue regarding same DES keys used to encrypt user's passwords has also been reported, which can facilitate brute-force attacks on user's passwords if the attacker were to gain access to the LDAP store. The vulnerability and security issue reportedly affect the following products: * Contivity 1000 VPN Switch * Contivity 2000 VPN Switch * Contivity 4000 VPN Switch * VPN Router 5000 *VPN Router Portfolio SOLUTION: Update to versions 6_05.140, 5_05.304, or 5_05.149. PROVIDED AND/OR DISCOVERED BY: The vendor credits Detack GmbH. ORIGINAL ADVISORY: Nortel: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. Input passed to certain parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to the latest firmware versions. VB100 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb100farm.html VB101 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb101farm.html VB150 V1.1 R41: http://cweb.canon.jp/drv-upd/webview/vb150farm.html PROVIDED AND/OR DISCOVERED BY: Reported in a JVN repository. ORIGINAL ADVISORY: Canon: http://cweb.canon.jp/drv-upd/webview/notification.html OTHER REFERENCES: JVN#06735665: http://jvn.jp/jp/JVN%2306735665/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). This vulnerability is documented in Cisco Bug ID as CSCse02384

Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). There are multiple security holes in the implementation of WLC: The default SNMP community string +----------------------------- WLC reads it only The public and private values ​​are used for reading and writing SNMP community strings. This vulnerability is documented in Cisco Bug ID as CSCse02384. Malformed Ethernet communication crash +----------------------------- WLC may crash when responding to malformed Ethernet communication. This vulnerability is documented in Cisco Bug ID as CSCsc90179. Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP messages, malformed 802. 11 Communication and some headers contain messages with unexpected length values. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841. Service password hardcoded in lightweight AP + -------------------------- Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points include There is a hardcoded service password for debugging. This service account is only accessible through a physical connection to the console port, but the password is the same for all devices in these families. This vulnerability is documented in Cisco Bug ID as CSCsg15192. WLAN ACL becomes invalid after restarting +-------------------------- WLC has a loophole in processing WLAN ACL, resulting in an invalid verification and save the WLAN ACL configuration. If the configuration is later reloaded at boot time, the checksum will be invalidated and the WLAN ACL will not be installed. This vulnerability is documented in Cisco Bug ID as CSCse58195

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values ​​in some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). Multiple NPU Lock-Up Vulnerabilities +----------------------------- The Network Processing Unit (NPU) is responsible for handling communication in the WLC. One or more NPUs may lock up if certain types of traffic are sent to the affected WLC. These communications include specially crafted SNAP packets, malformed 802.11 communications, and packets with unexpected length values ​​in some headers. Each NPU operates independently, servicing two physical ports on the WLC, and locking one NPU does not affect the other, so the number of NPUs available and device configuration determine whether these vulnerabilities can result in partial or complete inability to forward traffic. If you want to clear the NPU lock, you must restart the WLC. If a lockout prevents access to the management interface, a reboot must be performed through the console port or the service port. These vulnerabilities are documented in Cisco Bug IDs as CSCsg36361, CSCsg15901, and CSCsh10841

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). This service account is only accessible through a physical connection to the console port, but the password is the same for all devices in these families. This vulnerability is documented in Cisco Bug ID as CSCsg15192

Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195. Cisco Wireless LAN Controller (WLC) is prone to multiple remote vulnerabilities, including an unauthorized-access vulnerability, an information-disclosure vulnerability, and a vulnerability that prevents the WLAN's ACLs from being installed. An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device. Cisco Wireless LAN Controllers (WLCs) manage Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP). WLAN ACL becomes invalid after restarting +-------------------------- WLC has a loophole in processing WLAN ACL, resulting in an invalid verification and save the WLAN ACL configuration. This vulnerability is documented in Cisco Bug ID as CSCse58195

Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. In some cases, this can lead to changing system files and hacking the server. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Vulnerability and Security Issues SECUNIA ADVISORY ID: SA24865 VERIFY ADVISORY: http://secunia.com/advisories/24865/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/ DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. 2) An unspecified error exists in the authentication system, which can be exploited by an authenticated user to change his account group membership. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. 2) An unspecified error exists in the authentication system, which can be exploited by an authenticated user to change his account group membership. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. For example, a user in the LobbyAmbassador group can be added to the SuperUsers group. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Vulnerability and Security Issues SECUNIA ADVISORY ID: SA24865 VERIFY ADVISORY: http://secunia.com/advisories/24865/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/ DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. 2) An unspecified error exists in the authentication system, which can be exploited by an authenticated user to change his account group membership. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------