VARIoT IoT vulnerabilities database
| VAR-200712-0398 | CVE-2007-3876 | Apple Mac OS X of SMB Multiple buffer overflow vulnerabilities |
CVSS V2: 6.6 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. Mac OS X is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
This issue affects certain SMB (Server Message Block protocol) applications.
An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.
Mac OS X and Mac OS X Server 10.4.11 and prior versions are vulnerable.
NOTE: This issue was originally covered in BID 26910 (Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities). Flash Player is a very popular FLASH player. There is a vulnerability in the way that the Flash Player plug-in creates TCP sessions with other hosts through (SWF) movies. Attackers may use this vulnerability to lure users to connect to malicious files. After receiving the allow-access-from element in the cross-domain policy XML document, Flash Player does not bind the hostname to a single IP address, and the Flash Socket class does not use the browser's DNS binding, so the attacker can pass A DNS rebinding attack causes the victim user's machine to create a TCP session to an arbitrary host. BACKGROUND
The mount_smbfs utility is used to mount a remote SMB share locally. It
is installed set-uid root, so as to allow unprivileged users to mount
shares, and is present in a default installation on both the Server and
Desktop versions of Mac OS X. For more information visit the following
URL.
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/mount_smbfs.8.html
II.
The vulnerability exists in a portion of code responsible for parsing
command line arguments. When processing the -W option, which is used to
specify a workgroup name, the option's argument is copied into a fixed
sized stack buffer without any checks on its length. This leads to a
trivially exploitable stack based buffer overflow.
III.
IV. Previous
versions may also be affected.
V. WORKAROUND
Removing the set-uid bit from the mount_smbfs binary will prevent
exploitation. However, non-root users will be unable to use the
program.
VI. More information is available at the following URL.
http://docs.info.apple.com/article.html?artnum=307179
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3876 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
07/16/2007 Initial vendor notification
07/17/2007 Initial vendor response
12/17/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was discovered by Sean Larsson of VeriSign iDefense
Labs.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service. This and other updates are
available via Software Update or via Apple Downloads. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0446 | CVE-2007-5863 | Apple Mac OS X Man-in-the-middle attack arbitrary command execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow an attacker to execute arbitrary commands on affected computers, provided that the 'allow-external-scripts' option is enabled. There are loopholes in the implementation of the OS X software upgrade mechanism, and remote attackers may control the user system through fake upgrade sites. The OS X software upgrade mechanism uses "release packages", which consist of two main parts: an XML catalog file listing available upgrades; and a "release definition file" that contains XML and JavaScript-encoded information that defines what to expect when an upgrade is installed. content in all aspects. When OS X checks for new updates, it first contacts swscan.apple.com to receive an XML catalog file that references distribution definition files that may be located on other servers. After the software upgrade receives these files, it calls some other JavaScript function to check whether the update is suitable for the local machine. The above-mentioned files are transmitted through HTTP without any authentication.
I.
Further details are available in the related vulnerability notes.
The update addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
13) The vendor credits Xeno Kovah, originally reported in Mac OS X
10.5 by heise Security.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0441 | CVE-2007-5858 | Apple Safari of WebKit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. Apple Safari is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for subframe access.
An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser.
Safari 3 for both Microsoft Windows and Apple Mac OS X platforms is vulnerable to this issue. Safari is the WEB browser bundled with the Apple family operating system by default.
----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
2) An error in the handling of emergency calls can be exploited to
bypass the Passcode Lock feature and allows users with physical
access to an iPhone to launch applications without the passcode.
This security issue is reported in iPhone v1.0 through v1.1.2 only.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
I.
Further details are available in the related vulnerability notes.
The update addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
13) The vendor credits Xeno Kovah, originally reported in Mac OS X
10.5 by heise Security.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0406 | CVE-2007-4473 | Easylon OPC Server Arbitrary code execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions. Gesytec Easylon OPC Server Does not properly validate the server handle, so arbitrary code may be executed or denial of service (DoS) There is a vulnerability that will be in a state. Easylon OPC Server is a system control server software used in the field of industrial automation.
This issue affects versions prior to Easylon OPC Server 2.3.44.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
The vulnerability is caused due to an error when validating server
handles and can be exploited to e.g.
SOLUTION:
Update to version 2.3.44 or later.
ftp://ftp.gesytec.de/pub/opc/
PROVIDED AND/OR DISCOVERED BY:
Neutralbit
ORIGINAL ADVISORY:
VU#205073:
http://www.kb.cert.org/vuls/id/205073
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0300 | CVE-2008-2173 | Yamaha Service disruption in routers (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. Yamaha Router disturbs service operation ( Session drop ) There is a vulnerability that becomes a condition. Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies.
AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA30054
VERIFY ADVISORY:
http://secunia.com/advisories/30054/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
ALAXALA Networks AX7800S Series
http://secunia.com/product/5125/
ALAXALA Networks AX7800R Series
http://secunia.com/product/5124/
ALAXALA Networks AX7700R
http://secunia.com/product/11176/
ALAXALA Networks AX5400S Series
http://secunia.com/product/5126/
ALAXALA Networks AX3600S Series
http://secunia.com/product/11174/
ALAXALA Networks AX2400S Series
http://secunia.com/product/11175/
ALAXALA Networks AX2000R Series
http://secunia.com/product/11177/
DESCRIPTION:
A vulnerability has been reported in ALAXALA Networks AX series,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
SOLUTION:
Restrict network access on affected systems.
PROVIDED AND/OR DISCOVERED BY:
Reported via US-CERT.
ORIGINAL ADVISORY:
US-CERT VU#929656:
http://www.kb.cert.org/vuls/id/929656
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0297 | CVE-2008-2170 | Century Service disruption in routers (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies.
AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA30054
VERIFY ADVISORY:
http://secunia.com/advisories/30054/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
ALAXALA Networks AX7800S Series
http://secunia.com/product/5125/
ALAXALA Networks AX7800R Series
http://secunia.com/product/5124/
ALAXALA Networks AX7700R
http://secunia.com/product/11176/
ALAXALA Networks AX5400S Series
http://secunia.com/product/5126/
ALAXALA Networks AX3600S Series
http://secunia.com/product/11174/
ALAXALA Networks AX2400S Series
http://secunia.com/product/11175/
ALAXALA Networks AX2000R Series
http://secunia.com/product/11177/
DESCRIPTION:
A vulnerability has been reported in ALAXALA Networks AX series,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
SOLUTION:
Restrict network access on affected systems.
PROVIDED AND/OR DISCOVERED BY:
Reported via US-CERT.
ORIGINAL ADVISORY:
US-CERT VU#929656:
http://www.kb.cert.org/vuls/id/929656
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0296 | CVE-2008-2169 | Avici Service disruption in routers (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. Avici Router In the case of route flapping, service disruption ( Session destruction ) There is a vulnerability that becomes a condition. Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies.
AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA30054
VERIFY ADVISORY:
http://secunia.com/advisories/30054/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
ALAXALA Networks AX7800S Series
http://secunia.com/product/5125/
ALAXALA Networks AX7800R Series
http://secunia.com/product/5124/
ALAXALA Networks AX7700R
http://secunia.com/product/11176/
ALAXALA Networks AX5400S Series
http://secunia.com/product/5126/
ALAXALA Networks AX3600S Series
http://secunia.com/product/11174/
ALAXALA Networks AX2400S Series
http://secunia.com/product/11175/
ALAXALA Networks AX2000R Series
http://secunia.com/product/11177/
DESCRIPTION:
A vulnerability has been reported in ALAXALA Networks AX series,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
SOLUTION:
Restrict network access on affected systems.
PROVIDED AND/OR DISCOVERED BY:
Reported via US-CERT.
ORIGINAL ADVISORY:
US-CERT VU#929656:
http://www.kb.cert.org/vuls/id/929656
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0298 | CVE-2008-2171 | AlaxalA AX Service disruption in routers (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. AlaxalA AX The router has a service disruption ( Session drop ) There is a vulnerability that becomes a condition. Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies.
AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA30054
VERIFY ADVISORY:
http://secunia.com/advisories/30054/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
ALAXALA Networks AX7800S Series
http://secunia.com/product/5125/
ALAXALA Networks AX7800R Series
http://secunia.com/product/5124/
ALAXALA Networks AX7700R
http://secunia.com/product/11176/
ALAXALA Networks AX5400S Series
http://secunia.com/product/5126/
ALAXALA Networks AX3600S Series
http://secunia.com/product/11174/
ALAXALA Networks AX2400S Series
http://secunia.com/product/11175/
ALAXALA Networks AX2000R Series
http://secunia.com/product/11177/
DESCRIPTION:
A vulnerability has been reported in ALAXALA Networks AX series,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
SOLUTION:
Restrict network access on affected systems.
PROVIDED AND/OR DISCOVERED BY:
Reported via US-CERT.
ORIGINAL ADVISORY:
US-CERT VU#929656:
http://www.kb.cert.org/vuls/id/929656
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0445 | CVE-2007-5862 | Apple Mac OS X Keychain Security Bypass Vulnerability |
CVSS V2: 9.4 CVSS V3: - Severity: HIGH |
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. Apple Mac OS X Keychain is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.
This issue may stem from a security issue in Java.
A successful attack allows unauthorized users to modify other users' accounts, which may aid in further attacks.
This issue affects Mac OS X 10.4.10 and Mac OS X Server 10.4.10.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Mac OS X Java Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28115
VERIFY ADVISORY:
http://secunia.com/advisories/28115/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Privilege escalation, DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Some vulnerabilities have been reported and acknowledged in Mac OS
X, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, to cause
a DoS (Denial of Service), or to compromise a user's system.
2) Some vulnerabilities in Java 1.4 and J2SE 5.0 can be exploited to
bypass certain security restrictions, conduct cross-site scripting
attacks, to cause a DoS (Denial of Service), or to compromise a
user's system.
Java for Mac OS X 10.4, Release 6:
http://www.apple.com/support/downloads/javaformacosx104release6.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Bruno Harbulot, University of Manchester.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307177
OTHER REFERENCES:
SA21709:
http://secunia.com/advisories/21709/
SA23398:
http://secunia.com/advisories/23398/
SA23445:
http://secunia.com/advisories/23445/
SA23757:
http://secunia.com/advisories/23757/
SA25069:
http://secunia.com/advisories/25069/
SA25295:
http://secunia.com/advisories/25295/
SA25769:
http://secunia.com/advisories/25769/
SA25823:
http://secunia.com/advisories/25823/
SA25981:
http://secunia.com/advisories/25981/
SA26015:
http://secunia.com/advisories/26015/
SA26402:
http://secunia.com/advisories/26402/
SA27009:
http://secunia.com/advisories/27009/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0088 | CVE-2007-6372 | BGP implementations do not properly handle UPDATE messages |
CVSS V2: 7.8 CVSS V3: - Severity: 24.49 |
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. Border Gateway Protocol (BGP) Is AS (Autonomous System) A widely used routing protocol. Between peer routers BGP The exchange of route information by means of is important in the stable operation of the Internet.
Versions of JUNOS from 7.3 to 8.4 are reported vulnerable.
NOTE: Multiple sources report that upgrading to JUNOS 8.5R1 or above will solve this issue, but this could not be confirmed at the time of writing. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies.
AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA30054
VERIFY ADVISORY:
http://secunia.com/advisories/30054/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
ALAXALA Networks AX7800S Series
http://secunia.com/product/5125/
ALAXALA Networks AX7800R Series
http://secunia.com/product/5124/
ALAXALA Networks AX7700R
http://secunia.com/product/11176/
ALAXALA Networks AX5400S Series
http://secunia.com/product/5126/
ALAXALA Networks AX3600S Series
http://secunia.com/product/11174/
ALAXALA Networks AX2400S Series
http://secunia.com/product/11175/
ALAXALA Networks AX2000R Series
http://secunia.com/product/11177/
DESCRIPTION:
A vulnerability has been reported in ALAXALA Networks AX series,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
SOLUTION:
Restrict network access on affected systems.
PROVIDED AND/OR DISCOVERED BY:
Reported via US-CERT.
ORIGINAL ADVISORY:
US-CERT VU#929656:
http://www.kb.cert.org/vuls/id/929656
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
SOLUTION:
Apply updates (contact the vendor for more information)
| VAR-200712-0596 | CVE-2007-6359 | Apple Mac OS X of cs_validate_page Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. Mac OS X is prone to a denial-of-service vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30430
VERIFY ADVISORY:
http://secunia.com/advisories/30430/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2008-05-29
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
Security Update 2008-003 (PPC):
http://www.apple.com/support/downloads/securityupdate2008003ppc.html
Security Update 2008-003 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008003serverppc.html
Security Update 2008-003 Server (Universal):
http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html
Security Update 2008-003 (Intel):
http://www.apple.com/support/downloads/securityupdate2008003intel.html
Mac OS X 10.5.3 Combo Update:
http://www.apple.com/support/downloads/macosx1053comboupdate.html
Mac OS X 10.5.3 Update:
http://www.apple.com/support/downloads/macosx1053update.html
Mac OS X Server 10.5.3 Combo Update:
http://www.apple.com/support/downloads/macosxserver1053comboupdate.html
Mac OS X Server 10.5.3 Update:
http://www.apple.com/support/downloads/macosxserver1053update.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Alex deVries and Robert Rich
3) Rosyna of Unsanity
5) Melissa O'Neill, Harvey Mudd College
9) Brian Mastenbrook
12) Paul Haddad, PTH Consulting
16) Gynvael Coldwind, Hispasec
19) Derek Morr, Pennsylvania State University
21) Geoff Franks, Hauptman Woodward Institute
22) Don Rainwater, University of Cincinnati
CHANGELOG:
2008-05-29: Added links to Mac OS X 10.5.3 in "Solution" section.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
The vulnerability is caused due to an error in the handling of return
values of "hashes()" in the "cs_validate_page()" function when
processing signed Mach-O binaries and can be exploited to cause a
system panic. Other versions may
also be affected.
SOLUTION:
Grant only trusted users access to affected systems
| VAR-200712-0223 | CVE-2007-6386 | Trend Micro AntiVirus Such as PccScan.dll Vulnerable to stack-based buffer overflow |
CVSS V2: 7.2 CVSS V3: - Severity: High |
Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file. Trend Micro Antivirus Plus Antispyware is prone to a denial-of-service vulnerability.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
The vulnerability is caused due to a boundary error within
PccScan.dll when decoding UUE files and can be exploited to cause a
buffer overflow via a specially crafted UUE file.
NOTE: The vendor's advisory states that the vulnerability is caused
due to a format-string error when handling certain fields of a UUE
file during decoding. It is not clear if this is a separate
vulnerability.
http://solutionfile.trendmicro.com/solutionfile/1036464/EN/tis_160_win_en_patch_pccscan1451.exe
PROVIDED AND/OR DISCOVERED BY:
Sowhat, Nevis Labs
ORIGINAL ADVISORY:
Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
Sowhat:
http://secway.org/advisory/AD20071211.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0222 | CVE-2007-6385 | Kerio WinRoute Firewall Proxy server vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. Kerio WinRoute Firewall is prone to an unspecified weakness that allows local users to bypass proxy authentication.
Exploiting this issue may permit a local attacker to obtain web pages that are supposed to be administratively prohibited with proxy controls.
Versions prior to Kerio WinRoute Firewall 6.4.1 contain this weakness.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
SOLUTION:
Update to version 6.4.1.
http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.kerio.com/kwf_history.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0453 | No CVE | JP1/Cm2/Network Node Manager Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: Medium |
Provided by Hitachi JP1/Cm2/Network Node Manager (NNM) Contains a cross-site scripting vulnerability. Provided by Hitachi JP1/Cm2/Network Node Manager (NNM) Is software that can centrally manage network configurations and failures. this NNM Contains a cross-site scripting vulnerability. There are several affected systems. For details, check the information provided by the vendor. This vulnerability information is based on the Information Security Early Warning Partnership. IPA To report to JPCERT/CC Has coordinated with the vendor. Reporter: NTT Data Security Corporation 辻 Nobuhiro MrAn arbitrary script may be executed on the user's web browser.
| VAR-200712-0423 | CVE-2007-4707 | Apple QuickTime of FLASH Multiple vulnerabilities in media processing |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie. The most serious issue will allow remote attackers to execute code.
The remote-code execution issues involve processing '.swf' files. The 'Quicktime.qts' module uses the 'BitMapFormat' attribute of the 'Parser' object without validating its contents.
An attacker can exploit some of these issues to execute arbitrary code with the privileges of the user running the affected application. The impact of the other issues has not been specified.
These issues affect versions prior to QuickTime 7.3.1 for these platforms:
Mac OS X v10.3.9
Mac OS X v10.4.9 or later
Mac OS X v10.5 or later
Microsoft Windows Vista
Microsoft Windows XP SP2.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28092
VERIFY ADVISORY:
http://secunia.com/advisories/28092/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) A boundary error in the handling of QTL files can be exploited to
cause a heap-based buffer overflow when a user views a specially
crafted QTL file.
SOLUTION:
Update to Apple QuickTime version 7.3.1.
QuickTime 7.3.1 for Panther:
http://www.apple.com/support/downloads/quicktime731forpanther.html
QuickTime 7.3.1 for Tiger:
http://www.apple.com/support/downloads/quicktime731fortiger.html
QuickTime 7.3.1 for Leopard:
http://www.apple.com/support/downloads/quicktime731forleopard.html
QuickTime 7.3.1 for Windows:
http://www.apple.com/support/downloads/quicktime731forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits:
* Tom Ferris, Adobe Secure Software Engineering Team (ASSET)
* Mike Price of McAfee Avert Labs
* Lionel d'Hauenens and Brian Mariani of Syseclabs
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307176
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0422 | CVE-2007-4706 | Apple QuickTime Rogue QTL File reference heap overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted QTL file. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. The software is capable of handling multiple sources such as digital video, media segments, and more.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28092
VERIFY ADVISORY:
http://secunia.com/advisories/28092/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
Successful exploitation may allow execution of arbitrary code.
2) Various unspecified errors exist in QuickTime's Flash media
handler, which can be exploited to execute arbitrary code.
The vulnerabilities are reported in Apple QuickTime prior to version
7.3.1.
SOLUTION:
Update to Apple QuickTime version 7.3.1.
QuickTime 7.3.1 for Panther:
http://www.apple.com/support/downloads/quicktime731forpanther.html
QuickTime 7.3.1 for Tiger:
http://www.apple.com/support/downloads/quicktime731fortiger.html
QuickTime 7.3.1 for Leopard:
http://www.apple.com/support/downloads/quicktime731forleopard.html
QuickTime 7.3.1 for Windows:
http://www.apple.com/support/downloads/quicktime731forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits:
* Tom Ferris, Adobe Secure Software Engineering Team (ASSET)
* Mike Price of McAfee Avert Labs
* Lionel d'Hauenens and Brian Mariani of Syseclabs
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307176
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0594 | CVE-2007-5000 | Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap" |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects the following:
- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0
- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0010
Synopsis: VMware Hosted products update libpng and Apache HTTP
Server
Issue date: 2009-08-20
Updated on: 2009-08-20 (initial release of advisory)
CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863
CVE-2006-5752 CVE-2007-3304 CVE-2007-6388
CVE-2007-5000 CVE-2008-0005
- ------------------------------------------------------------------------
1. Summary
Updated VMware Hosted products address security issues in libpng and
the Apace HTTP Server.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier
3. Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
------------------------
http://www.vmware.com/download/ws/
Release notes:
http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 7565d16b7d7e0173b90c3b76ca4656bc
sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit
Linux 32-bit .rpm
md5sum: 4d55c491bd008ded0ea19f373d1d1fd4
sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit
Linux 32-bit .bundle
md5sum: d4a721c1918c0e8a87c6fa4bad49ad35
sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit
Linux 64-bit .rpm
md5sum: 72adfdb03de4959f044fcb983412ae7c
sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit
Linux 64-bit .bundle
md5sum: 83e1f0c94d6974286256c4d3b559e854
sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
-------------------
http://www.vmware.com/download/player/
Release notes:
http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe
md5sum: fe28f193374c9457752ee16cd6cad4e7
sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm
md5sum: c99cd65f19fdfc7651bcb7f328b73bc2
sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle
md5sum: 210f4cb5615bd3b2171bc054b9b2bac5
sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm
md5sum: f91576ef90b322d83225117ae9335968
sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle
md5sum: 595d44d7945c129b1aeb679d2f001b05
sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
----------------
http://www.vmware.com/download/ace/
Release notes:
http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance
AMS Virtual Appliance .zip
md5sum: 44cc7b86353047f02cf6ea0653e38418
sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 0779da73408c5e649e0fd1c62d23820f
sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows
Windows .exe
md5sum: 0779da73408c5e649e0fd1c62d23820f
sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: a4fc92d7197f0d569361cdf4b8cca642
sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 841005151338c8b954f08d035815fd58
sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- ------------------------------------------------------------------------
6. Change log
2009-08-20 VMSA-2009-0010
Initial security advisory after release of Workstation 6.5.3,
Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
A flaw found in the mod_status module could lead to a cross-site
scripting attack on sites where mod_status was enabled and the status
pages were publically available (CVE-2007-6388).
A flaw found in the mod_proxy_balancer module could lead to a
cross-site scripting attack against an authorized user on sites where
mod_proxy_balancer was enabled (CVE-2007-6421).
Another flaw in the mod_proxy_balancer module was found where,
on sites with the module enabled, an authorized user could send a
carefully crafted request that would cause the apache child process
handling the request to crash, which could lead to a denial of service
if using a threaded MPM (CVE-2007-6422).
A flaw found in the mod_proxy_ftp module could lead to a cross-site
scripting attack against web browsers which do not correctly derive
the response character set following the rules in RFC 2616, on sites
where the mod_proxy_ftp module was enabled (CVE-2008-0005).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm
cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm
f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm
1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm
333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm
717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm
15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm
90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm
52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm
8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm
4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm
fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm
665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm
a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm
cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm
208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm
92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm
71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm
dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm
eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm
f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm
ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm
200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm
ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm
126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm
69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm
52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm
17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm
a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm
f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm
9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm
b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm
da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm
df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm
c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm
a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm
e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm
0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm
a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm
e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm
f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm
6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm
71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm
4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm
a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm
0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm
3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm
5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm
1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm
597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm
f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm
a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm
2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm
bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm
9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm
938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm
cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm
5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm
48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm
ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm
7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm
6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm
a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm
ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm
a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm
d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm
68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm
d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm
07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm
6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm
b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm
635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm
7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm
46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm
3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm
c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm
01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm
9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm
5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm
e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm
9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm
ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm
5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm
339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm
a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2008.0:
cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm
f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm
8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm
9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm
de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm
eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm
4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm
cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm
3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm
ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm
8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm
21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm
0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm
50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm
9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm
29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm
21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm
944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm
0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm
ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm
785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm
c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm
2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm
16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm
76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm
36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm
d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm
98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm
7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm
8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm
1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm
7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm
5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm
e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm
910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm
2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm
c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm
27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm
e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm
6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm
e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm
304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm
d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm
e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm
2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Corporate 4.0:
0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm
2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm
6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm
8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm
6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm
56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm
6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm
7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm
eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm
b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm
a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm
2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm
b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm
b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm
240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm
afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm
76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm
eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm
57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm
804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm
ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm
5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm
dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm
b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm
6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm
fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm
973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm
359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm
ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm
b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm
969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm
e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm
e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm
d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm
166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm
bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm
3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm
f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm
6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm
f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm
ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHjmhKmqjQ0CJFipgRAkyLAJ4jEFMu2rAIE8XH60UDFYapm8fGgwCfaHL0
O/KXRt/gdgAAug5/9/aFGGA=
=YkQ1
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.
Kit Name
Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01607570
Version: 1
HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-19
Last Updated: 2008-11-19
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2007-6388, CVE-2007-5000
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris
BACKGROUND
CVSS 2.0 Base Metrics
===============================================
Reference Base Vector Base Score
CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made patches available to resolve the vulnerabilities.
The patches are available from http://itrc.hp.com
OV NNM v7.53
===========
Operating_System - HP-UX (IA)
Resolved in Patch - PHSS_38148 or subsequent
Operating_System - HP-UX (PA)
Resolved in Patch - PHSS_38147 or subsequent
Operating_System - Linux RedHatAS2.1
Resolved in Patch - LXOV_00085 or subsequent
Operating_System - Linux RedHat4AS-x86_64
Resolved in Patch - LXOV_00086 or subsequent
Operating_System - Solaris
Resolved in Patch - PSOV_03514 or subsequent
OV NNM v7.51
===========
Upgrade to NNM v7.53 and install the patches listed above.
OV NNM v7.01
===========
Operating_System - HP-UX (PA)
Resolved in Patch - PHSS_38761 or subsequent
Operating_System - Solaris
Resolved in Patch - PSOV_03516 or subsequent
MANUAL ACTIONS: Yes - NonUpdate
Apply the appropriate file as described in the Resolution.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
=============
OVNNMgr.OVNNM-RUN
action: install PHSS_38148 or subsequent
URL: http://itrc.hp.com
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN
action: install PHSS_38147 or subsequent
URL: http://itrc.hp.com
For HP-UX OV NNM 7.51
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN
action: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01
HP-UX B.11.00
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN
action: install PHSS_38761 or subsequent
URL: http://itrc.hp.com
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 19 November 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs
A2UIaH3YB7z+o42Tm7Eg7ahn
=lskD
-----END PGP SIGNATURE-----
| VAR-200712-0504 | No CVE | Multiple Trend Micro Products UUE Malformed Zip File Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Multiple Trend Micro products are prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.
| VAR-200712-0506 | No CVE | SAP MaxDB Unspecified Remote Execution Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP MaxDB is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will crash the application.
This issue affects MaxDB 7.6.00.37 and 7.4.3.32; other versions may also be affected.
| VAR-200712-0213 | CVE-2007-6376 | Francisco Burzi PHP-Nuke of autohtml.php Vulnerable to directory traversal |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This vulnerability CVE-2006-4190 Is a different vulnerability.By a third party .. Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input