VARIoT IoT vulnerabilities database

The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. APC Switched Rack PDUs (Power Distribution Units) are prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to affected devices. Successful exploits will allow attackers to control the power distribution to rack-mounted computer equipment. Attackers could leverage this to cause denial-of-service conditions and possibly physical damage. The following firmware versions running on PDU part number AP9732 are vulnerable: rpdu 3.5.5 aos 3.5.6 Other versions and devices may also be affected. A remote attacker bypasses authentication and gains registration access with the help of registration attempts from different customer usages

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. Cisco Unified IP Phone is prone to a vulnerability that allows eavesdropping. An attacker can exploit this issue to transmit or receive audio stream data to an unsuspecting victim. Successfully exploiting this issue will allow the attacker to access sensitive information. If the attack is successful, the IP phone will turn on the microphone status light, and the phone will display an off-hook icon to indicate that a call is in progress. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Cisco Unified IP Phone Extension Mobility Weakness SECUNIA ADVISORY ID: SA27829 VERIFY ADVISORY: http://secunia.com/advisories/27829/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ DESCRIPTION: Joffrey Czarney has reported a weakness in Cisco Unified IP Phones, which can be exploited by malicious people to bypass certain security restrictions. The problem is that the Extension Mobility authentication credentials are not encrypted when communicating with the internal web server of an IP phone. This can be exploited to sniff the authentication credentials and perform various actions on a target IP phone (e.g. remotely login/logout a user or eavesdrop on calls). Successful exploitation requires that the Extension Mobility feature is enabled (not enabled by default). The weakness affects all Cisco IP Phones that support the Extension Mobility feature. SOLUTION: The vendor has provided some workaround to mitigate this issue. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Joffrey Czarney, Telindus ORIGINAL ADVISORY: Cisco (100252): http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. Apple QuickTime RTSP of Content-Type A stack buffer overflow vulnerability exists in the handling of headers. Winodws Plate and Mac Edition QuickTime Are affected by this vulnerability. Also, iTunes Such QuickTime Systems that have installed software that uses Microsoft are also affected by this vulnerability. In addition, verification code that exploits this vulnerability has already been published.Crafted by a remote third party RTSP stream Arbitrary code could be executed when a user connects to. This issue occurs when handling specially crafted RTSP Response headers. Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. UPDATE (December 4, 2007): Attackers are exploiting this issue through the Second Life Viewer to steal Linden dollars from unsuspecting victims. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. I. Most versions of QuickTime prior to and including 7.3 running on all supported Apple Mac OS X and Microsoft Windows platforms are vulnerable. An attacker could exploit this vulnerability by convincing a user to access a specially crafted HTML document such as a web page or email message. The HTML document could use a variety of techniques to cause QuickTime to load a specially crafted RTSP stream. Common web browsers, including Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari can be used to pass RTSP streams to QuickTime, exploit the vulnerability, and execute arbitrary code. Exploit code for this vulnerability was first posted publicly on November 25, 2007. II. III. To block attack vectors, consider the following workarounds. Block the rtsp:// protocol Using a proxy or firewall capable of recognizing and blocking RTSP traffic can mitigate this vulnerability. Known public exploit code for this vulnerability uses the default RTSP port 554/tcp, however RTSP can use a variety of ports. Disable file association for QuickTime files Disable the file association for QuickTime file types. This can be accomplished by deleting the following registry keys: HKEY_CLASSES_ROOT\QuickTime.* This will remove the association for approximately 32 file types that are configured to open with QuickTime Player. Disable the QuickTime ActiveX controls in Internet Explorer The QuickTime ActiveX controls can be disabled in Internet Explorer by setting the kill bit for the following CLSIDs: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} {4063BE15-3B08-470D-A0D5-B37161CFFD69} More information about how to set the kill bit is available in Microsoft Knolwedgebase Article 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for these controls: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4063BE15-3B08-470D-A0D5-B37161CFFD69}] "Compatibility Flags"=dword:00000400 Disable the QuickTime plug-in for Mozilla-based browsers Users of Mozilla-based browsers, such as Firefox can disable the QuickTime plugin, as specified in the PluginDoc article Uninstalling Plugins. Disable JavaScript For instructions on how to disable JavaScript, please refer to the Securing Your Web Browser document. This can help prevent some attack techniques that use the QuickTime plug-in or ActiveX control. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. Do not access QuickTime files from untrusted sources Do not open QuickTime files from any untrusted sources, including unsolicited files or links received in email, instant messages, web forums, or internet relay chat (IRC) channels. References * US-CERT Vulnerability Note VU#659761 - <http://www.kb.cert.org/vuls/id/659761> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> * Mozilla Uninstalling Plugins - <http://plugindoc.mozdev.org/faqs/uninstall.html> * How to stop an ActiveX control from running in Internet Explorer - <http://support.microsoft.com/kb/240797> * IETF RFC 2326 Real Time Streaming Protocol - <http://tools.ietf.org/html/rfc2326> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-334A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-334A Feedback VU#659761" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History November 30, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR1ArKvRFkHkM87XOAQJg7wf/X4wAipFWO2ZJ5MdPzTwzE+x1OUIJxenP cFuLApajAMZ33yAyTTjA0sYhKveYhxSwqQTetEPiAWp5r/KPkJL5ugkeSvtzbAgf U6rsCICcRpjPJ7IjqsW/u6Hk2PBVqWwgip+FhZG5J5mjRPUdRr3JbmKlsEm/XDxi +ENxwrAgcoQHkLn76xn/9+1vTbI3zxi0GoyAR+GIFzs+Fsn+LazMCCrDI4ltPMnS c+Qpa3/qkOC+svz63yyHBjhq6eT2HQBP/X/50syweUOf4SrpDOdexX+mRPr03i6+ 9byGzjid5sObMAbpH1AzCtiDB56ai3zf+G5qV0uK2ziXihvNEn7JKA== =Jc+L -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. tricked into opening a malicious QTL file or visiting a malicious web site. The vulnerability is confirmed in version 7.3. SOLUTION: Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files. PROVIDED AND/OR DISCOVERED BY: h07 ORIGINAL ADVISORY: http://www.milw0rm.com/exploits/4648 OTHER REFERENCES: VU#659761: http://www.kb.cert.org/vuls/id/659761 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. Note: This update removes the affected binary Quicktime library. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code. Background ========== Win32 binary codecs provide support for video and audio playback. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/win32codecs < 20071007-r2 >= 20071007-r2 Description =========== Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Workaround ========== There is no known workaround at this time. Resolution ========== All Win32 binary codecs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2" Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback. References ========== [ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. Hitachi JP1/File Transmission Server/FTP is prone to a denial-of-service vulnerability due to an unspecified error. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: JP1/File Transmission Server/FTP Authentication Bypass and DoS SECUNIA ADVISORY ID: SA27735 VERIFY ADVISORY: http://secunia.com/advisories/27735/ CRITICAL: Moderately critical IMPACT: Security Bypass, DoS WHERE: >From remote SOFTWARE: Hitachi JP1/File Transmission Server/FTP http://secunia.com/product/3821/ DESCRIPTION: Two vulnerabilities have been reported in JP1/File Transmission Server/FTP, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions. 1) An unspecified error can be exploited to bypass authentication and view files in a specific directory. The vulnerability affects HP-UX, HP-UX(IPF), AIX, Solaris, Linux, Linux(IPF), HP-UX(English version), and HI-UX/WE2. The vulnerability affects Windows(x86), Windows(IPF), Windows(English version), and Windows9X. SOLUTION: Update to the latest versions (please see vendor advisories for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-037_e/index-e.html http://www.hitachi-support.com/security_e/vuls_e/HS07-038_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

JP1 / File Transmission Server / FTP is an FTP-based file transfer server designed by Hitachi.  JP1 / File Transmission Server / FTP has vulnerabilities in processing abnormal user requests. Remote attackers may use the vulnerabilities to obtain sensitive information or cause denial of service.  Remote users can bypass authentication on the JP1 / File Transmission Server / FTP server to view files in a specific directory; in addition, if a special FTP command is issued, it may cause a denial of service.

Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. Attackers can exploit this issue to bypass security restrictions and obtain potentially sensitive information that could aid in further attacks. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: JP1/File Transmission Server/FTP Authentication Bypass and DoS SECUNIA ADVISORY ID: SA27735 VERIFY ADVISORY: http://secunia.com/advisories/27735/ CRITICAL: Moderately critical IMPACT: Security Bypass, DoS WHERE: >From remote SOFTWARE: Hitachi JP1/File Transmission Server/FTP http://secunia.com/product/3821/ DESCRIPTION: Two vulnerabilities have been reported in JP1/File Transmission Server/FTP, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions. The vulnerability affects HP-UX, HP-UX(IPF), AIX, Solaris, Linux, Linux(IPF), HP-UX(English version), and HI-UX/WE2. 2) An error in the processing of an unspecified FTP command can be exploited to stop the FTP service via a specially crafted file. The vulnerability affects Windows(x86), Windows(IPF), Windows(English version), and Windows9X. SOLUTION: Update to the latest versions (please see vendor advisories for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-037_e/index-e.html http://www.hitachi-support.com/security_e/vuls_e/HS07-038_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities. Ingate Siparator is prone to a denial-of-service vulnerability. Unknown vulnerabilities exist in Ingate Firewall and SIParator

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share. Attackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer. InTouch 8.0 is vulnerable. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Invensys Wonderware InTouch Insecure NetDDE Share Permissions Security Issue SECUNIA ADVISORY ID: SA27751 VERIFY ADVISORY: http://secunia.com/advisories/27751/ CRITICAL: Less critical IMPACT: System access WHERE: >From local network SOFTWARE: Invensys Wonderware InTouch 8.x http://secunia.com/product/16628/ DESCRIPTION: A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system. The security issue is reported in version 8.0. SOLUTION: Apply updates or upgrade to version 9.0 or later (see vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Discovered by Neutralbit and reported via US-CERT with assistance from Digital Bond. ORIGINAL ADVISORY: Wonderware: http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804 US-CERT VU#138633: http://www.kb.cert.org/vuls/id/138633 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116. Successfully exploiting this issue allows remote attackers to crash the logging system of affected devices. This may aid in obfuscating further attacks. Belkin Wireless G routers with model number F5D7230-4 are vulnerable to this issue; other versions may also be affected

Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Ingate Firewall and SIParator Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27688 VERIFY ADVISORY: http://secunia.com/advisories/27688/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From remote OPERATING SYSTEM: Ingate Firewall 4.x http://secunia.com/product/4050/ Ingate SIParator 4.x http://secunia.com/product/5687/ DESCRIPTION: Some vulnerabilities and security issues have been reported in Ingate Firewall and SIParator, which potentially can be exploited by malicious people or users to cause a DoS (Denial of Service) or gain knowledge of sensitive information, or by malicious people to compromise a vulnerable system. 2) An error in the SRTP component when processing an overly large RTCP index could cause a kernel crash. 3) An error when processing IPsec phase two proposals without PFS could cause the IPSec module to crash. 4) An error in the SIP component when using Remote NAT Traversal could allow user's registrations to conflict and messages to be sent to the wrong user. 5) Passwords of administrators with less privileges are stored in clear text. Other issues have also been reported, which may have security impacts. SOLUTION: Update to version 4.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-460.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected.". Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Ingate Firewall and SIParator Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27688 VERIFY ADVISORY: http://secunia.com/advisories/27688/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From remote OPERATING SYSTEM: Ingate Firewall 4.x http://secunia.com/product/4050/ Ingate SIParator 4.x http://secunia.com/product/5687/ DESCRIPTION: Some vulnerabilities and security issues have been reported in Ingate Firewall and SIParator, which potentially can be exploited by malicious people or users to cause a DoS (Denial of Service) or gain knowledge of sensitive information, or by malicious people to compromise a vulnerable system. 1) A boundary error in libsrtp can be exploited to cause a buffer overflow. 3) An error when processing IPsec phase two proposals without PFS could cause the IPSec module to crash. 4) An error in the SIP component when using Remote NAT Traversal could allow user's registrations to conflict and messages to be sent to the wrong user. 5) Passwords of administrators with less privileges are stored in clear text. Other issues have also been reported, which may have security impacts. SOLUTION: Update to version 4.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-460.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Ingate Firewall and SIParator Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27688 VERIFY ADVISORY: http://secunia.com/advisories/27688/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From remote OPERATING SYSTEM: Ingate Firewall 4.x http://secunia.com/product/4050/ Ingate SIParator 4.x http://secunia.com/product/5687/ DESCRIPTION: Some vulnerabilities and security issues have been reported in Ingate Firewall and SIParator, which potentially can be exploited by malicious people or users to cause a DoS (Denial of Service) or gain knowledge of sensitive information, or by malicious people to compromise a vulnerable system. 1) A boundary error in libsrtp can be exploited to cause a buffer overflow. 2) An error in the SRTP component when processing an overly large RTCP index could cause a kernel crash. 4) An error in the SIP component when using Remote NAT Traversal could allow user's registrations to conflict and messages to be sent to the wrong user. 5) Passwords of administrators with less privileges are stored in clear text. Other issues have also been reported, which may have security impacts. SOLUTION: Update to version 4.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-460.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Ingate Firewall and SIParator Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27688 VERIFY ADVISORY: http://secunia.com/advisories/27688/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From remote OPERATING SYSTEM: Ingate Firewall 4.x http://secunia.com/product/4050/ Ingate SIParator 4.x http://secunia.com/product/5687/ DESCRIPTION: Some vulnerabilities and security issues have been reported in Ingate Firewall and SIParator, which potentially can be exploited by malicious people or users to cause a DoS (Denial of Service) or gain knowledge of sensitive information, or by malicious people to compromise a vulnerable system. 1) A boundary error in libsrtp can be exploited to cause a buffer overflow. 2) An error in the SRTP component when processing an overly large RTCP index could cause a kernel crash. 3) An error when processing IPsec phase two proposals without PFS could cause the IPSec module to crash. 5) Passwords of administrators with less privileges are stored in clear text. Other issues have also been reported, which may have security impacts. SOLUTION: Update to version 4.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-460.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices. Sensitive information disclosure vulnerabilities exist in Ingate Firewall and SIParator. The password of the administrator \"administration\" account is stored in plain text, which may cause malicious attackers to obtain the password information of the management account through unknown means. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Ingate Firewall and SIParator Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27688 VERIFY ADVISORY: http://secunia.com/advisories/27688/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From remote OPERATING SYSTEM: Ingate Firewall 4.x http://secunia.com/product/4050/ Ingate SIParator 4.x http://secunia.com/product/5687/ DESCRIPTION: Some vulnerabilities and security issues have been reported in Ingate Firewall and SIParator, which potentially can be exploited by malicious people or users to cause a DoS (Denial of Service) or gain knowledge of sensitive information, or by malicious people to compromise a vulnerable system. 1) A boundary error in libsrtp can be exploited to cause a buffer overflow. 2) An error in the SRTP component when processing an overly large RTCP index could cause a kernel crash. 3) An error when processing IPsec phase two proposals without PFS could cause the IPSec module to crash. 4) An error in the SIP component when using Remote NAT Traversal could allow user's registrations to conflict and messages to be sent to the wrong user. Other issues have also been reported, which may have security impacts. SOLUTION: Update to version 4.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-460.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted.". Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection. Ingate Firewall and SIParator products are prone to multiple vulnerabilities that include buffer-overflow, information-disclosure, and denial-of-service issues. An attacker may access sensitive information, cause denial-of-service conditions, or potentially execute arbitrary code. Versions prior to Ingate Firewall 4.6.0 and Ingate SIParator 4.6.0 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices

Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable. The problem is url Related to variables.By a third party /screens URI To PATH_INFO Through any Web Script or HTML May be inserted. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible

Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the (1) Text, (2) EditSelText, (3) EditText, and (4) CellFontName property values. ComponentOne FlexGrid ActiveX Control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input. ComponentOne FlexGrid 7.1 Light is vulnerable; other versions may also be affected

The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. This issue may result in a false sense of security and leave certain processes vulnerable to external attack. This issue affects Mac OS X 10.5 and Mac OS X Server 10.5; earlier versions are not affected. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Apple Mac OS X Application Firewall Weaknesses and Security Issue SECUNIA ADVISORY ID: SA27695 VERIFY ADVISORY: http://secunia.com/advisories/27695/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Some weaknesses and a security issue have been reported in Apple Mac OS X, which can lead to exposure of certain services. 1) The Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections even though the option "Block all incoming connections" is set. NOTE: The update changes the name of the option and updates the documentation. 2) The Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections even though the executable has been added to the list of blocked applications via the "Set access for specific services and applications" option. This may lead to exposure of certain services. Mac OS X 10.5.1 Update: http://www.apple.com/support/downloads/macosx1051update.html Mac OS X Server 10.5.1 Update http://www.apple.com/support/downloads/macosxserver1051update.html PROVIDED AND/OR DISCOVERED BY: J\xfcrgen Schmidt ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307004 heise Security: http://www.heise-security.co.uk/articles/98120 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. Apple Mac OS X is prone to a weakness that results in unauthorized network access to certain applications. This issue affects the Application Firewall when the 'Set access for specific services and applications' setting is enabled for certain applications. This weakness exposes the computer to unauthorized remote access and can lead to a false sense of security. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. NOTE: The update changes the name of the option and updates the documentation. 3) Changes to Application Firewall settings do not affect processes started by launchd until they are restarted. This may lead to exposure of certain services. The weaknesses and the security issue have been reported in Mac OS X 10.5 (Leopard). SOLUTION: Update to Mac OS X 10.5.1. Mac OS X 10.5.1 Update: http://www.apple.com/support/downloads/macosx1051update.html Mac OS X Server 10.5.1 Update http://www.apple.com/support/downloads/macosxserver1051update.html PROVIDED AND/OR DISCOVERED BY: J\xfcrgen Schmidt ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307004 heise Security: http://www.heise-security.co.uk/articles/98120 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------