VARIoT IoT vulnerabilities database

VAR-200708-0467 | CVE-2007-2409 | WebCore vulnerability that allows sensitive information to be obtained
CVSS V2: 4.3 | CVSS V3: - | Severity: MEDIUM
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-200708-0465 | CVE-2007-2407 | Samba server on Apple Mac OS X vulnerability that allows use of more disk space than allocated
CVSS V2: 4.0 | CVSS V3: - | Severity: MEDIUM
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0463 | CVE-2007-2405 | Integer underflow vulnerability in Preview in PDFKit
CVSS V2: 6.8 | CVSS V3: - | Severity: MEDIUM
Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0461 | CVE-2007-2403 | CFNetwork vulnerability that allows arbitrary FTP commands to be sent to arbitrary FTP servers
CVSS V2: 6.8 | CVSS V3: - | Severity: MEDIUM
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0462 | CVE-2007-2404 | CRLF injection vulnerability in CFNetwork |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0460 | CVE-2007-3748 | Buffer overflow vulnerability in the UPnP IGD implementation of iChat |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0458 | CVE-2007-3746 | Arbitrary code execution vulnerability in the Java interface to CoreAudio |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0457 | CVE-2007-3745 | Arbitrary memory release vulnerability in the Java interface to CoreAudio |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. A remote attacker could exploit this vulnerability to take control of a user's system by enticing the user to visit a malicious web page.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
VAR-200708-0456 | CVE-2007-3744 | Heap-based buffer overflow vulnerability in the UPnP IGD implementation of mDNSResponder |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
BACKGROUND
mDNSResponder is part of the Bonjour suite of applications. Bonjour is
used to provide automatic and transparent configuration of network
devices. It is similar to UPnP, in that the goal of both is to allow
users to simply plug devices into a network without worrying about
configuration details. mDNSResponder runs by default on both Server and
Workstation. More information can be found on the vendor's website.
http://developer.apple.com/opensource/internet/bonjour.html
II.
The vulnerability exists within the Legacy NAT Traversal code. Unlike
the core of the mDNSResponder service, this area of code does not rely
on Multicast UDP. It listens on a dynamically allocated Unicast UDP
port.
The vulnerability occurs when parsing a malformed HTTP request. This
results in an exploitable heap overflow.
III. No
authentication is needed to exploit this vulnerability.
Failed attempts will result in the service crashing. Shortly after
crashing, it will be restarted.
IV. Previous versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this issue.
VI. More information is available at the following URL.
http://docs.info.apple.com/article.html?artnum=306172
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3744 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
07/26/2007 Initial vendor notification
07/26/2007 Initial vendor response
08/07/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Neil Kettle (mu-b) of
www.digit-labs.org.
X. LEGAL NOTICES
Copyright © 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: mDNSResponder: Multiple vulnerabilities
Date: January 20, 2012
Bugs: #290822
ID: 201201-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in mDNSResponder, which could
lead to execution of arbitrary code with root privileges.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/mDNSResponder < 212.1 >= 212.1
Description
===========
Multiple vulnerabilities have been discovered in mDNSResponder. Please
review the CVE identifiers referenced below for details.
Resolution
==========
All mDNSResponder users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/mDNSResponder-212.1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 21, 2009. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2007-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2386
[ 2 ] CVE-2007-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3744
[ 3 ] CVE-2007-3828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3828
[ 4 ] CVE-2008-0989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0989
[ 5 ] CVE-2008-2326
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2326
[ 6 ] CVE-2008-3630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3630
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-05.xml
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
VAR-200606-0487 | CVE-2006-2761 | Hitachi Hitsenser3 Unknown SQL Injection Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Hitachi HITSENSER3 HITSENSER3 / PRP, HITSENSER3 / PUP, HITSENSER3 / STP, and HITSENSER3 / EUP have SQL injection vulnerabilities. HITSENSER3 is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Versions 01-02 through 01-08 are vulnerable to this issue.
This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Successful exploitation allows bypassing of user authentication.
The vulnerability has been reported in versions 01-02 through 01-08
of the following products:
* HITSENSER3/PRP Model C-A7120-072
* HITSENSER3/PUP Model C-A7120-082
* HITSENSER3/STP Model C-A7120-092
* HITSENSER3/EUP Model C-A7120-102
SOLUTION:
Update to version 01-08-/A.
Users can contact Hitachi support service for the update.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html
VAR-200605-0602 | No CVE | CNVD-2006-3621 |
CVSS V2: - CVSS V3: - Severity: - |
D-Link Airspot DSA-3100 Gateway is a gateway device developed by D-Link. The D-Link Airspot DSA-3100 Gateway contains a web interface that does not adequately filter the URI data submitted by the user. Remote attackers can use the vulnerability to conduct cross-site scripting attacks and obtain sensitive information. The 'login_error.shtml' script does not filter the web parameters submitted by the user, so an attacker who submits malicious script code as parameter data and induces a user to access the result can obtain sensitive information.
VAR-200606-0421 | CVE-2006-2806 | Apache James SMTP remote denial-of-service vulnerability via overlong data |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. Apache James is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed SMTP commands.
This issue allows remote attackers to consume excessive CPU resources of affected computers, potentially denying service to legitimate users.
Apache James version 2.2.0 is vulnerable to this issue; other versions may also be affected.
VAR-200605-0422 | CVE-2006-2653 | D-Link Airspot DSA-3100 Gateway Login_error.SHTML Cross-Site Scripting Vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. D-Link DSA-3100 has a cross-site scripting vulnerability in login_error.shtml. This issue is due to a failure to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
TITLE:
Elite-Board "search" Parameter Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA20289
VERIFY ADVISORY:
http://secunia.com/advisories/20289/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
Elite-Board 1.x
http://secunia.com/product/10164/
DESCRIPTION:
luny has reported a vulnerability in Elite-Board, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "search" parameter in search.html during searches
is not properly sanitised before being returned to users.
The vulnerability has been reported in version 1.1. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
luny
----------------------------------------------------------------------
SOLUTION:
Do not visit other web sites while accessing the gateway.
VAR-200605-0454 | CVE-2006-2679 | Cisco VPN Client Local Privilege Escalation Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. Cisco VPN Client is susceptible to a local privilege-escalation vulnerability. This issue is due to an unspecified flaw in the VPN client GUI application.
This issue allows local attackers to gain Local System privileges on affected computers. This facilitates the complete compromise of affected computers.
This vulnerability affects Cisco VPN Clients on Microsoft Windows. Versions prior to 4.8.01.x, with the exception of version 4.7.00.0533, are affected. The implementation of the Cisco VPN Client contains a flaw that local attackers may use to elevate their own access rights. A user must be able to authenticate and start an interactive Windows session to exploit this vulnerability. Successful exploitation of this vulnerability could allow a normal user or an attacker to take complete control of the system, circumventing any controls placed by the Windows system administrator.
The vulnerability has been reported in versions 2.x, 3.x, 4.0.x,
4.6.x, 4.7.x (except version 4.7.00.0533), and 4.8.00.x for Windows.
SOLUTION:
Update to version 4.8.01.0300.
http://www.cisco.com/pcgi-bin/tablebuild.pl/windows
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Andrew Christensen, FortConsult.
* Johan Ronkainen
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060524-vpnclient.shtml
VAR-200605-0399 | CVE-2006-2630 | Symantec products vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. Symantec products are vulnerable to a stack-based buffer overflow.
Symantec AntiVirus Corporate Edition 10.1 and Symantec Client Security 3.1 are currently known to be vulnerable to this issue. All supported platforms are affected including Microsoft Windows and Novell Netware. Symantec AntiVirus is a very popular antivirus solution.
The remote management protocol used by the affected products for communication is a proprietary message-based protocol with two levels of encapsulation. The outer layer consists of message headers. The message type may be 10, which means requesting Rtvscan.exe, or 20 or 30, which means forwarding SSL negotiation. If SSL is established for a TCP connection, subsequent communication is encrypted, although there is still plaintext in the private format. The data of a type 10 message contains its own header and message body, both of which are processed by Rtvscan.exe. A command field in this header specifies the operation to be performed and the format of the message body data.
The COM_FORWARD_LOG (0x24) command handler does not use strncat correctly, allowing the 0x180-byte stack buffer to be overwritten with arbitrary data. If the first string in the COM_FORWARD_LOG request contains a backslash, one of two strncat calls is performed:
* If the string contains commas but no double quotes: strncat(dest, src, 0x17A - strlen(src));
* Otherwise: strncat(dest, src, 0x17C - strlen(src));
If the length of the source string exceeds 0x17A or 0x17C characters respectively, the arithmetic will underflow, resulting in a large memory copy size. This might allow appending this source string to the buffer, overwriting the stack with 64KB of data (null characters excluded). Rtvscan.exe is compiled with the Visual Studio /GS security option and includes stack canary checks. But an attacker can bypass this security measure by overriding and controlling the exception handler registration.
SOLUTION:
Apply patches (see patch matrix in vendor advisory).
PROVIDED AND/OR DISCOVERED BY:
eEye Digital Security
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html
eEye Digital Security:
http://www.eeye.com/html/research/upcoming/20060524.html
----------------------------------------------------------------------
VAR-200605-0267 | CVE-2006-2561 | Edimax BR-6104K Router UPnP Request Access Control Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. BR-6104K is prone to a security bypass vulnerability.
TITLE:
Edimax BR-6104K UPnP Shell Command Injection Vulnerability
SECUNIA ADVISORY ID:
SA20169
VERIFY ADVISORY:
http://secunia.com/advisories/20169/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From local network
OPERATING SYSTEM:
EDIMAX BR-6104K Broadband Router
http://secunia.com/product/10080/
DESCRIPTION:
Armijn Hemel has reported a vulnerability in Edimax BR-6104K, which
can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable device.
The vulnerability is caused due to missing authentication of UPnP
AddPortMapping requests and missing validation of the
NewInternalClient parameter of the request. This can be exploited by
hosts on the local network to execute shell commands, e.g.
"/sbin/reboot" on the device via specially crafted UPnP
AddPortMapping requests containing shell commands in the
NewInternalClient parameter.
SOLUTION:
Disable the UPnP functionality if it is not required.
UPnP is reportedly disabled by default.
PROVIDED AND/OR DISCOVERED BY:
Armijn Hemel
----------------------------------------------------------------------
VAR-200605-0265 | CVE-2006-2559 | Linksys WRT54G Wireless-G Broadband Router UPnP Request Access Control Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. WRT54G v4.0 is prone to a security bypass vulnerability.
TITLE:
Linksys WRT54G UPnP Port Mapping Vulnerability
SECUNIA ADVISORY ID:
SA20161
VERIFY ADVISORY:
http://secunia.com/advisories/20161/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From local network
OPERATING SYSTEM:
Linksys WRT54G Wireless-G Broadband Router
http://secunia.com/product/3523/
DESCRIPTION:
Armijn Hemel has reported a vulnerability in Linksys WRT54G, which
can be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to missing authentication of UPnP
AddPortMapping requests and missing validation of the InternalClient
parameter of the request. This can be exploited by hosts on the local
network to configure port forwarding settings on the device to forward
incoming traffic to arbitrary hosts without requiring authentication.
Successful exploitation may allow the device to be configured to
forward traffic that is received on specific ports on the external
interface to another host on the Internet.
SOLUTION:
Update to firmware version 1.00.9.
http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1127782957298&pagename=Linksys%2FCommon%2FVisitorWrapper
PROVIDED AND/OR DISCOVERED BY:
Armijn Hemel
ORIGINAL ADVISORY:
http://www.securityview.org/how-does-the-upnp-flaw-works.html
----------------------------------------------------------------------
VAR-200605-0266 | CVE-2006-2560 | Sitecom WL-153 Router Firmware UPnP Request Access Control Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. WL-153 is prone to a security bypass vulnerability.
TITLE:
Sitecom WL-153 UPnP Shell Command Injection Vulnerability
SECUNIA ADVISORY ID:
SA20183
VERIFY ADVISORY:
http://secunia.com/advisories/20183/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From local network
OPERATING SYSTEM:
Sitecom WL-153 MIMO XR Wireless Network Broadband Router
http://secunia.com/product/10081/
DESCRIPTION:
Armijn Hemel has reported a vulnerability in Sitecom WL-153, which
can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable device.
The vulnerability is related to:
SA20169
The vulnerability has been reported in firmware versions prior to
1.38.
SOLUTION:
Disable the UPnP functionality if it is not required.
The vendor reportedly will release an updated firmware soon.
PROVIDED AND/OR DISCOVERED BY:
Armijn Hemel
OTHER REFERENCES:
SA20169:
http://secunia.com/advisories/20169/
----------------------------------------------------------------------
VAR-200605-0268 | CVE-2006-2562 | ZyXEL P-335WT Router UPnP Request Access Control Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. The P-335WT router is prone to a security bypass vulnerability.
TITLE:
ZyXEL P-335WT UPnP Port Mapping Vulnerability
SECUNIA ADVISORY ID:
SA20184
VERIFY ADVISORY:
http://secunia.com/advisories/20184/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From local network
OPERATING SYSTEM:
ZyXEL P-335WT
http://secunia.com/product/10055/
DESCRIPTION:
Armijn Hemel has reported a vulnerability in ZyXEL P-335WT, which can
be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is related to:
SA20161
SOLUTION:
Disable the UPnP functionality if it is not required.
UPnP is reportedly disabled by default.
PROVIDED AND/OR DISCOVERED BY:
Armijn Hemel
OTHER REFERENCES:
SA20161:
http://secunia.com/advisories/20161/
----------------------------------------------------------------------
VAR-200605-0197 | CVE-2006-1466 | Apple Xcode Tools WebObjects Permissions and Access Control Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. Xcode Tools is prone to an unauthorized remote access vulnerability through the WebObjects plug-in.
A remote attacker can exploit this issue to manipulate projects through the network service.
This issue affects only those systems with the Xcode Tools WebObjects plug-in installed.
TITLE:
Apple Xcode WebObjects Plugin Access Control Vulnerability
SECUNIA ADVISORY ID:
SA20267
VERIFY ADVISORY:
http://secunia.com/advisories/20267/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From local network
SOFTWARE:
Apple Xcode 2.x
http://secunia.com/product/10144/
DESCRIPTION:
A vulnerability has been reported in Apple Xcode, which can be
exploited by malicious people to bypass certain security
restrictions.
The vulnerability has been reported in versions prior to 2.3.
SOLUTION:
Update to version 2.3.
http://developer.apple.com/tools/download/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mike Schrag of mDimension Technology.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=303794
----------------------------------------------------------------------