Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-200609-1595 CVE-2006-4406 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation (PADI) packets. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Both local and remote vulnerabilities are present
VAR-200609-1614 CVE-2006-4396 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Apple Mac OS X is prone to multiple security vulnerabilities. These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues
VAR-200609-1606 CVE-2006-4412 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Apple Safari WebKit fails to properly deallocate objects. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Apple Mac OS X is prone to multiple security vulnerabilities. These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues
VAR-200609-1587 CVE-2006-5710 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects the eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 computers which were equipped with an original AirPort card. Computers with an AirPort Extreme are not affected. An Apple AirPort device is a wireless access point that provides 802.11 services to network clients. There is a memory corruption vulnerability in Apple AirPort when processing malformed probe response packets
VAR-200609-1634 CVE-2006-4343 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613 Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 29 September 2006 Update: The initial fix for this vulnerability was incomplete, and the fault in the fix could enable a Denial of Service attack in some cases of the attack described in CVE-2006-2940. _______________________________________________ Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937) Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. (CVE-2006-4343) Updated packages are patched to address these issues. Update: There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00849540 Version: 1 HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-01-17 Last Updated: 2007-01-23 Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01 BACKGROUND AFFECTED VERSIONS For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.23 =========== hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE END AFFECTED VERSIONS RESOLUTION HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. Apache Update Procedure Check for Apache Installation ----------------------------- To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server Stop Apache ------------- Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop Download and Install Apache -------------------------- Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. Removing Apache Installation --------------------------- The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product. PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA HISTORY: rev.1 - 23 January 2007 Initial Release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE-----
VAR-200609-0315 CVE-2006-4389 Apple QuickTime fails to properly handle SGI images CVSS V2: 5.1
CVSS V3: -
Severity: MEDIUM
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. (CVE-2006-4380) There is a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart beahvior during updates, as well as scripted setups that temporarily stopped the server to backup the database files. (Bug #15724) The Corporate 3 and MNF2 products are not affected by these issues. Packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 http://qa.mandriva.com/show_bug.cgi?id=15724 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm 49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm 94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm 445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm 0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm 064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm 6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm 7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm 9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm 9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm 3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm 4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/ 1ejA4Amd8JfkWa7DQPpj2Mg= =aSz3 -----END PGP SIGNATURE----- . McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows. Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI. Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed. The risk rating for these issues is medium. _________________________________________________ * Vulnerable Systems QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below _________________________________________________ * Vulnerability Information CVE-2006-4382 Two buffer overflow vulnerabilities are present in QuickTime MOV format support. CVE-2006-4384 On heap overflow vulnerability is present in QuickTime FLC format support. CVE-2006-4385 One buffer overflow vulnerability is present in QuickTime SGI format support. CVE-2006-4386 One buffer overflow vulnerability is present in QuickTime MOV H.264 format support. CVE-2006-4388 One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support. CVE-2006-4389 One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support. _________________________________________________ * Resolution Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows. Further information is available at: http://docs.info.apple.com/article.html?artnum=304357 _________________________________________________ * Credits These vulnerabilities were discovered by Mike Price of McAfee Avert Labs. _________________________________________________ * Legal Notice Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. Best regards, Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code. Background ========== Win32 binary codecs provide support for video and audio playback. Workaround ========== There is no known workaround at this time. Resolution ========== All Win32 binary codecs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2" Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback. References ========== [ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
VAR-200609-0308 CVE-2006-4379 The Ipswitch IMail Server is vulnerable to a buffer overflow CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters '@' and ':' leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Ipswitch IMail Server SMTP Service Unspecified Vulnerability SECUNIA ADVISORY ID: SA21795 VERIFY ADVISORY: http://secunia.com/advisories/21795/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ DESCRIPTION: A vulnerability has been reported in IMail Server, which can be exploited by malicious people to compromise a vulnerable system. ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics20061.asp http://www.ipswitch.com/support/imail/releases/im20061.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-028.html September 7, 2006 -- CVE ID: CVE-2006-4379 -- Affected Vendor: Ipswitch -- Affected Products: ICS/IMail Server 2006 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since August 31, 2006 by Digital Vaccine protection filter ID 4496. -- Vendor Response: Ipswitch has issued an update, version 2006.1, to correct this vulnerability. More details can be found at: http://www.ipswitch.com/support/imail/releases/im20061.asp -- Disclosure Timeline: 2006.06.22 - Vulnerability reported to vendor 2006.08.31 - Digital Vaccine released to TippingPoint customers 2006.09.07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by an anonymous researcher. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product
VAR-200609-0146 CVE-2006-4650 Cisco IOS Rogue GRE Vulnerability that bypasses packet access control CVSS V2: 2.6
CVSS V3: -
Severity: LOW
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. Cisco IOS Contains source routing information GRE Packet Offset A vulnerability exists where the starting position of the source routing information is not properly calculated when releasing an encapsulated packet due to improper checks on the field.Inappropriate areas of the packet may be referred to as source routing information, and packets released from the device may be forwarded. Cisco IOS is prone to multiple vulnerabilities when decapsulating GRE routing packets. Specifically, these issues present themselves when the device handles malicious GRE packets with oversized header offset values, and also with malicious GRE packets containing modified source-routing data. A successful attack can allow an attacker to disclose sensitive information in process memory buffers, bypass security restrictions, deny service to legitimate users, or possibly crash the Cisco IOS operating system. Cisco IOS 12.0, 12.1, and 12.2 based trains are reported vulnerable. All devices running affected versions of Cisco IOS that are configured with GRE IP or GRE IP multipoint tunnels are vulnerable to this issue. Remote attackers may cause errors in device processing packets. If a specially crafted GRE message is received, the IOS device does not verify whether the offset field points to the message. If the offset value is set to a negative value, the IOS directly subtracts the offset from the integer containing the full length of the IP message. shift, resulting in buffer access out-of-bounds overflow. This may lead to interpreting the rest of the memory contents of the ring buffer as payload IP packets and re-injecting them into the routing queue with large length information: GRE decapsulated IP 0.3.74.0->0.0.1.30 (len =65407, ttl=39) GRE decapsulated IP 176.94.8.0- > 0.0.0.0 (len=64904, ttl=0) GRE decapsulated IP 0.15.31.193- > 176.94.8.0 (len=64894, ttl=237) GRE decapsulated IP 128.42.131.220->128.0.3.74 (len=64884, ttl=128) If the ring buffer can be carefully filled with legitimate traffic containing IP headers at the appropriate offsets, an attacker can create many An IP packet with a large length value. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Cisco IOS GRE Decapsulation Vulnerability SECUNIA ADVISORY ID: SA21783 VERIFY ADVISORY: http://secunia.com/advisories/21783/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ DESCRIPTION: FX has reported a vulnerability in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions. This can potentially be exploited to bypass access control lists on the router by sending specially crafted packets. NOTE: Cisco IOS version 12.0S, with a revision later than 12.0(23)S, with CEF enabled is not affected. SOLUTION: Apply patch CSCuk27655, CSCea22552, or CSCei62762. PROVIDED AND/OR DISCOVERED BY: FX, Phenoelit. ORIGINAL ADVISORY: Phenoelit: http://www.phenoelit.de/stuff/CiscoGRE.txt Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200609-0075 CVE-2006-4617 vtiger CRM of fileupload.html Vulnerable to uploading arbitrary files CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder
VAR-200609-0040 CVE-2006-4562 Symantec Gateway Security Security hole CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface
VAR-200609-0837 CVE-2006-4339 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to forge an RSA signature on a PDF document. RSA The signature is used to prove that the message origin can be trusted. RSA There is a vulnerability in multiple software that implements that the signature is not verified correctly. For example, SSH , SSL , PGP , X.509 May affect the software.By a remote third party RSA The signature may be forged. This may prevent the validity of the signed message. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200610-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service (NSS): RSA signature forgery Date: October 17, 2006 Bugs: #148283 ID: 200610-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== NSS fails to properly validate PKCS #1 v1.5 signatures. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nss < 3.11.3 >= 3.11.3 Description =========== Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This impacts any software using the NSS library, like the Mozilla products Firefox, Thunderbird and Seamonkey. Workaround ========== There is no known workaround at this time. Resolution ========== All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3" Note: As usual after updating a library, you should run 'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure that all applications linked to it are properly rebuilt. References ========== [ 1 ] CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 [ 2 ] CVE-2006-4340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200610-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 2693394 8554202ca8540221956438754ce83daa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 769732 1924597de3a34f244d50812ce47e839f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 901102 f43171afd1211d5026a0241abbce7710 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb Size/MD5: 499392 6c4844845826d244a5062664d725d7f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz Size/MD5: 3132217 991615f73338a571b6a1be7d74906934 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 2569762 159afe6386461da5a10d58594604f923 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb Size/MD5: 571346 32560c34d375896443908ad44ef37724 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb Size/MD5: 508988 17028f0a0751e40a77199e0727503726 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb Size/MD5: 557516 0ea8220e55677599c9867d9104bee981 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 987236 ecacd01dc72995f246531c25e783a879 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824490 Version: 1 HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEUEARECAAYFAk3C8qwACgkQ4B86/C0qfVnBqgCYtJgc2OLmG0JEGU4sCpzntC4E HACgjeWEt9Ja5qNdjhL5iwOp3JVtVic= =EvRT -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: OpenOffice.org 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38568 VERIFY ADVISORY: http://secunia.com/advisories/38568/ DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. For more information see vulnerability #2 in: SA35967 4) An error in the processing XPM files can be exploited to potentially execute arbitrary code. 5) An error in the processing GIF files can be exploited to potentially execute arbitrary code. 6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code. SOLUTION: Update to version 3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200609-1512 CVE-2006-4339 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. =========================================================== Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 2693394 8554202ca8540221956438754ce83daa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 769732 1924597de3a34f244d50812ce47e839f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 901102 f43171afd1211d5026a0241abbce7710 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb Size/MD5: 499392 6c4844845826d244a5062664d725d7f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz Size/MD5: 3132217 991615f73338a571b6a1be7d74906934 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 2569762 159afe6386461da5a10d58594604f923 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb Size/MD5: 571346 32560c34d375896443908ad44ef37724 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb Size/MD5: 508988 17028f0a0751e40a77199e0727503726 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb Size/MD5: 557516 0ea8220e55677599c9867d9104bee981 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 987236 ecacd01dc72995f246531c25e783a879 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200610-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service (NSS): RSA signature forgery Date: October 17, 2006 Bugs: #148283 ID: 200610-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== NSS fails to properly validate PKCS #1 v1.5 signatures. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nss < 3.11.3 >= 3.11.3 Description =========== Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This impacts any software using the NSS library, like the Mozilla products Firefox, Thunderbird and Seamonkey. Workaround ========== There is no known workaround at this time. Resolution ========== All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3" Note: As usual after updating a library, you should run 'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure that all applications linked to it are properly rebuilt. References ========== [ 1 ] CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 [ 2 ] CVE-2006-4340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200610-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1173-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans September 10th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : openssl Problem-Type : local Vulnerability : Cryptographic weakness Debian-specific: no CVE ID : CVE-2006-4339 BugTraq ID : 19849 Debian Bug : 386247 Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid. For the stable distribution (sarge) this problem has been fixed in version 0.9.7e-3sarge2 For the unstable distribution (sid) this problem has been fixed in version 0.9.8b-3 We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798 ARM architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138 PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFBAPBXm3vHE4uyloRAi3GAKDGgqkwyRLRWlGMVZCCaUAqoW/GZwCePsIu B9S76g6dsDiigQZAK709Qmk= =lxOo -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: OpenOffice.org 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38568 VERIFY ADVISORY: http://secunia.com/advisories/38568/ DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) The included libxml2 library fails to properly verify signatures. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. For more information see vulnerability #2 in: SA35967 4) An error in the processing XPM files can be exploited to potentially execute arbitrary code. 5) An error in the processing GIF files can be exploited to potentially execute arbitrary code. 6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code. SOLUTION: Update to version 3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200110-0402 CVE-2006-4339 OpenSSL SSLv2 client code fails to properly check for NULL CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200610-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service (NSS): RSA signature forgery Date: October 17, 2006 Bugs: #148283 ID: 200610-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== NSS fails to properly validate PKCS #1 v1.5 signatures. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nss < 3.11.3 >= 3.11.3 Description =========== Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This impacts any software using the NSS library, like the Mozilla products Firefox, Thunderbird and Seamonkey. Workaround ========== There is no known workaround at this time. Resolution ========== All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3" Note: As usual after updating a library, you should run 'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure that all applications linked to it are properly rebuilt. References ========== [ 1 ] CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 [ 2 ] CVE-2006-4340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200610-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:207 http://www.mandriva.com/security/ _______________________________________________________________________ Package : bind Date : November 14, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3. You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm 4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2007.0: 6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm 03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm 7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm 594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Corporate 3.0: fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm 0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm 99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 3.0/X86_64: e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 4.0: 8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm 83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Multi Network Firewall 2.0: abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm 0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z 6faoicEmIFqGW4QuEVIhCbU= =bI0u -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 2693394 8554202ca8540221956438754ce83daa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 769732 1924597de3a34f244d50812ce47e839f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 901102 f43171afd1211d5026a0241abbce7710 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb Size/MD5: 499392 6c4844845826d244a5062664d725d7f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz Size/MD5: 3132217 991615f73338a571b6a1be7d74906934 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 2569762 159afe6386461da5a10d58594604f923 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb Size/MD5: 571346 32560c34d375896443908ad44ef37724 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb Size/MD5: 508988 17028f0a0751e40a77199e0727503726 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb Size/MD5: 557516 0ea8220e55677599c9867d9104bee981 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 987236 ecacd01dc72995f246531c25e783a879 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01118771 Version: 1 HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-08-01 Last Updated: 2007-08-01 Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could by exploited remotely resulting in the execution of arbitrary code or a Denial of Service (DoS). References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. BACKGROUND RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. A more recent version is available: System Management Homepage (SMH) version 2.1.8 HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26864.html HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26866.html HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26977.html PRODUCT SPECIFIC INFORMATION HISTORY: Version:1 (rev.1) - 1 August 2007 Initial Release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRrIKieAfOvwtKn1ZEQJUJACfakfLP0u32ySuj4KuXa+P2KgKODEAoIag 4otTq1h8U9Q2sa0noibOymby =jOXf -----END PGP SIGNATURE----- . For the stable distribution (sarge) this problem has been fixed in version 0.9.7e-3sarge2 For the unstable distribution (sid) this problem has been fixed in version 0.9.8b-3 We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798 ARM architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138 PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de These files will probably be moved into the stable distribution on its next update. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: OpenOffice.org 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38568 VERIFY ADVISORY: http://secunia.com/advisories/38568/ DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) The included libxml2 library fails to properly verify signatures. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. SOLUTION: Update to version 3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200609-1661 CVE-2006-4340 OpenSSL may fail to properly parse invalid ASN.1 structures CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Apple Airport Probe Response Kernel Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA22679 VERIFY ADVISORY: http://secunia.com/advisories/22679/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: H.D. Moore has reported a vulnerability in the Apple Airport driver, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the Airport driver provided with Orinoco-based Airport cards when handling probe response frames. This can be exploited to overwrite kernel memory and potentially execute arbitrary code when the driver is running in active scanning mode. The vulnerability is reported in the driver on a PowerBook running version 10.4.8. SOLUTION: Do not place the card into active scanning mode. PROVIDED AND/OR DISCOVERED BY: H D Moore ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-01-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200609-0101 CVE-2006-4587 vtiger CRM Vulnerable to cross-site scripting CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. vtiger CRM Contains a cross-site scripting vulnerability.By any third party, via the following parameters Web Script or HTML May be inserted. (1) Unspecified module description Parameters (2) HelpDesk Module solution Parameters. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: vtiger CRM Script Insertion and Administrative Modules Access SECUNIA ADVISORY ID: SA21728 VERIFY ADVISORY: http://secunia.com/advisories/21728/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Ivan Markovic has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions. 1) Input passed to the "description" field in various modules when e.g. creating a contact and the "solution" field when an administrator modifies the solution in the HelpDesk modules isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. 2) An error in the access control verification can be exploited by a normal user to access administrative modules (e.g. the settings section) by accessing certain URLs directly. The vulnerabilities have been confirmed in version 4.2.4. Use another product. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic ORIGINAL ADVISORY: http://www.security-net.biz/adv/D3906a.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200609-0102 CVE-2006-4588 vtiger CRM Vulnerabilities that bypass authentication CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: vtiger CRM Script Insertion and Administrative Modules Access SECUNIA ADVISORY ID: SA21728 VERIFY ADVISORY: http://secunia.com/advisories/21728/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Ivan Markovic has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions. 1) Input passed to the "description" field in various modules when e.g. creating a contact and the "solution" field when an administrator modifies the solution in the HelpDesk modules isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. 2) An error in the access control verification can be exploited by a normal user to access administrative modules (e.g. the settings section) by accessing certain URLs directly. The vulnerabilities have been confirmed in version 4.2.4. Use another product. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic ORIGINAL ADVISORY: http://www.security-net.biz/adv/D3906a.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200609-0071 CVE-2006-4613 SnapGear Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. This vulnerability CVE-2006-4018 May be related.Service disruption by a third party (DoS) There is a possibility of being put into a state. SnapGear is prone to multiple unspecified remote denial-of-service vulnerabilities. An attacker can exploit these vulnerabilities to crash an affected device, effectively denying service to legitimate users. These issues affect SnapGear firmware versions prior to 3.1.4u2. This BID is being retired. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: SnapGear Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA21707 VERIFY ADVISORY: http://secunia.com/advisories/21707/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: SnapGear 3.x http://secunia.com/product/11807/ DESCRIPTION: Two vulnerabilities have been reported in SnapGear, which can be exploited by malicious people to cause a DoS (Denial of Service). This affects the 560, 565, 580, and 710 models. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200608-0112 CVE-2006-4461 Paessler IPCheck Server Monitor Vulnerability in CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors
VAR-200608-0158 CVE-2006-4507 PSP of Photo Viewer of libTIFF Vulnerable to arbitrary code execution CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Sony PSP TIFF Image Viewing Code Execution Vulnerability SECUNIA ADVISORY ID: SA21672 VERIFY ADVISORY: http://secunia.com/advisories/21672/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Sony PlayStation Portable (PSP) 2.x http://secunia.com/product/5764/ DESCRIPTION: A vulnerability has been discovered in Sony PlayStation Portable, which can be exploited by malicious people to compromise a user's system. The vulnerability has been confirmed in version 2.60 and has also been reported in versions 2.00 through 2.80. SOLUTION: Do not view untrusted images. PROVIDED AND/OR DISCOVERED BY: Discovered by NOPx86. Additional research by psp250, Skylark, Joek2100, CSwindle, JimP, and Fanjita. ORIGINAL ADVISORY: http://noobz.eu/content/home.html#280806 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200608-0332 CVE-2006-4305 SAP DB Buffer overflow vulnerability in products such as CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2006-09 Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow Author: Oliver Karow / Oliver_Karow@symantec.com Release Date: 29-08-2006 Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM Platform: Windows/Unix Severity: Remotely exploitable/Local System Access Vendor status: Verified by vendor / Resolved in 7.6.00.31 CVE Number: CVE-2006-4305 Reference: http://www.securityfocus.com/bid/19660 Overview: A connection from a WebDBM Client to the DBM Server causes a buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server. Details: SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability, scalability and a very comprehensive feature set. It is targeted for large mySAP Business Suite environments and other applications that require maximum enterprise-level database functionality and complements the MySQL database server. A remotely exploitable vulnerability exists in MaxDB's WebDBM. Authentication is not required for successful exploitation to occur. Vendor Response: The above vulnerability has been fixed in the latest release of the product, MaxDB 7.6.00.31. Licensed and evaluation versions of MaxDB are available for download in the download section of www.mysql.com/maxdb: http://dev.mysql.com/downloads/maxdb/7.6.00.html. If there are any further questions about this statement, please contact mysql-MaxDB support. Please note that SAP customers receive their downloads via the SAP Service Marketplace www.service.sap.com and must not use downloads from the addresses above for their SAP solutions. Recommendation: The vendor has released MaxDB 7.6.00.31 to address this issue. Users should contact the vendor to obtain the appropriate upgrade. As a temporary workaround the SAP-DB WWW Service should either be disabled or have access to it restricted using appropriate network or client based access controls. Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-4305 - -------Symantec Consulting Services Advisory Information------- For questions about this advisory, or to report an error: cs_advisories@symantec.com For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf Consulting Services Advisory Archive: http://www.symantec.com/research/ Consulting Services Advisory GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc - -------------Symantec Product Advisory Information------------- To Report a Security Vulnerability in a Symantec Product: secure@symantec.com For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/ Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc - --------------------------------------------------------------- Copyright (c) 2006 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com. Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5 gKP3gDsY1sr7ioo8+maNHFA= =vuXL -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: MaxDB WebDBM Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA21677 VERIFY ADVISORY: http://secunia.com/advisories/21677/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/ DESCRIPTION: Oliver Karow has reported a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in WebDBM when processing database names. The vulnerability has been reported in version 7.6.00.22. Other versions may also be affected. SOLUTION: Update to version 7.6.00.31 or later. http://dev.mysql.com/downloads/maxdb/7.6.00.html PROVIDED AND/OR DISCOVERED BY: Oliver Karow, Symantec. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA21677 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc Size/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz Size/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz Size/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb AMD64 architecture: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb Size/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce Intel IA-32 architecture: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb Size/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb Size/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb Size/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb Size/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb Size/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb Size/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb Size/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436 -- Debian GNU/Linux unstable alias sid -- Reportedly, the problem will be fixed soon