VARIoT IoT vulnerabilities database

VAR-200601-0333 | CVE-2006-0375 | Vulnerability in some firmware for the Advantage Century Telecommunication P202S IP Phone running on VxWorks that allows incorrect time information to be provided |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks. ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible.
ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to these issues. Due to code reuse, other devices and versions may also be affected.
TITLE:
ACT WLAN Phone P202S Multiple Security Issues
SECUNIA ADVISORY ID:
SA18514
VERIFY ADVISORY:
http://secunia.com/advisories/18514/
CRITICAL:
Less critical
IMPACT:
Unknown, Security Bypass, Exposure of system information, DoS
WHERE:
From local network
OPERATING SYSTEM:
ACT WLAN Phone P202S
http://secunia.com/product/6843/
DESCRIPTION:
Shawn Merdinger has reported some security issues in ACT WLAN Phone
P202S, which can be exploited by malicious people to potentially
disclose system information, potentially cause a DoS (Denial of
Service), and bypass certain security restrictions.
2) An error caused due to the phone allowing connections to the echo
service on port 7/tcp may be exploited to cause a DoS on other
network devices.
3) An error caused due to the phone allowing connections to the
rlogin service on port 513/tcp can be exploited to gain rlogin access
to the phone without authentication.
It has also been reported that the phone has a hardcoded NTP server.
The security issues have been reported in version 1.01.21.
SOLUTION:
Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0135 | CVE-2006-0255 | Check Point VPN-1 SecureClient Path Specification Local Privilege Upgrade Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed.
The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.
Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed.
VAR-200707-0577 | CVE-2007-3387 | Freedesktop Poppler Input validation error vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
The oldstable distribution (sarge) will be fixed later.
For the stable distribution (etch) this problem has been fixed in
version 1.6.1-2etch1.
For the unstable distribution (sid) this problem has been fixed in
version 1.6.3-2.
We recommend that you upgrade your koffice packages.
Upgrade Instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
.
TITLE:
GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA18375
VERIFY ADVISORY:
http://secunia.com/advisories/18375/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
GNOME 2.x
http://secunia.com/product/3277/
DESCRIPTION:
Some vulnerabilities have been reported in GNOME gpdf, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a user's system.
For more information:
SA18303
SOLUTION:
Restrict use to trusted PDF files only.
Some Linux vendors have released updated packages.
OTHER REFERENCES:
SA18303:
http://secunia.com/advisories/18303/
.
** REJECTED ** Do not use this candidate number. ConsultIDs: CVE-2007-3387. Reason: This candidate number is a duplicate of CVE-2007-3387.
===========================================================
Ubuntu Security Notice USN-496-2 August 07, 2007
poppler vulnerability
CVE-2007-3387
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpoppler1 0.5.1-0ubuntu7.2
Ubuntu 6.10:
libpoppler1 0.5.4-0ubuntu4.2
Ubuntu 7.04:
libpoppler1 0.5.4-0ubuntu8.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-496-1 fixed a vulnerability in koffice. This update provides the
corresponding updates for poppler, the library used for PDF handling in
Gnome.
This update provides packages which are patched to prevent these
issues. The verification of md5 checksums and GPG signatures is
performed automatically for you. You can obtain the GPG public key
of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Background
==========
teTeX is a complete TeX distribution for editing documents. Other vulnerabilities have also been discovered in the
same file but might not be exploitable (CVE-2007-0650). Tetex also
includes vulnerable code from GD library (GLSA 200708-05), and from
Xpdf (CVE-2007-3387).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PDFKit, ImageKits: Buffer overflow
Date: October 18, 2007
Bugs: #188185
ID: 200710-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
PDFKit and ImageKits are vulnerable to an integer overflow and a stack
overflow allowing for the user-assisted execution of arbitrary code.
Background
==========
PDFKit is a framework for rendering of PDF content in GNUstep
applications. ImageKits is a collection of frameworks to support
imaging in GNUstep applications.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 gnustep-libs/pdfkit <= 0.9_pre062906 Vulnerable!
2 gnustep-libs/imagekits <= 0.6 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
2 affected packages on all of their supported architectures. ImageKits also contains a copy of PDFKit.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
PDFKit and ImageKits are not maintained upstream, so the packages were
masked in Portage. We recommend that users unmerge PDFKit and
ImageKits:
# emerge --unmerge gnustep-libs/pdfkit
# emerge --unmerge gnustep-libs/imagekits
As an alternative, users should upgrade their systems to use PopplerKit
instead of PDFKit and Vindaloo instead of ViewPDF.
References
==========
[ 1 ] CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
[ 2 ] GLSA 200709-12
http://www.gentoo.org/security/en/glsa/glsa-200709-12.xml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200710-20.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Note: Gentoo's version of Xpdf is
patched to use the Poppler library, so the update to Poppler will also
fix Xpdf
VAR-200601-0295 | CVE-2006-0354 | Cisco Aironet WAP Denial of Service (DoS) Vulnerability in ARP Request Processing |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. Cisco Aironet Wireless Access Points (WAP) running Cisco IOS contain a vulnerability in which processing invalid ARP requests exhausts the physical memory on the device, so that traffic can no longer be processed. The device may enter a denial-of-service (DoS) state. This issue is due to memory exhaustion caused by improper handling of an excessive number of ARP requests.
This issue allows attackers who can successfully associate with a vulnerable access point to exhaust the memory of the affected device. As a result, the device fails to pass legitimate traffic until it has been rebooted. A flaw in the way Cisco Aironet processes ARP requests may allow a remote attacker to carry out a denial-of-service attack on the device. The device is then unable to pass traffic until it is powered off and reloaded, which affects the availability of the wireless access point and may make management and packet forwarding services unavailable. This can be exploited by sending spoofed ARP
messages to the management interface of the AP to continuously add
entries to the ARP table of the device until the device runs out of
memory.
Successful exploitation causes the AP to be unable to pass traffic
until the device is restarted, but requires the ability to send ARP
messages to the management interface of the AP.
SOLUTION:
Update to IOS version 12.3-7-JA2.
http://tools.cisco.com/support/downloads/pub/MDFTree.x?butype=wireless
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml
VAR-200601-0175 | CVE-2006-0181 | Cisco Security Monitoring, Analysis and Response System Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. This password is static across all installations of the software.
It is possible for those running software release 4.1.3 and later to change a portion of the default administrative password, effectively addressing the vulnerability. However, earlier versions do not provide this option. In addition, CS-MARS can also perform automated tasks to alleviate safety issues. Successful exploitation of this vulnerability will allow the attacker to obtain full management rights of the CS-MARS device. The password for the account
reportedly cannot be changed.
Successful exploitation requires logon to the administration command
line interface with e.g. the "pnadmin" account.
The vulnerability has been reported in versions prior to 4.1.3.
SOLUTION:
Update to version 4.1.3 or later and use the "passwd expert" command
to change the root password.
http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars?psrtdcat20e2
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml
VAR-200601-0173 | CVE-2006-0179 |
Sun Solaris uustat -S Command line parameter overflow vulnerability
Related entries in the VARIoT exploits database: VAR-E-200601-0305 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. Cisco IP Phone 7940 is prone to a remote denial of service vulnerability.
Successful exploitation causes the phone to restart.
Cisco is tracking this issue as Cisco bug ID CSCef33398. Solaris is a commercial UNIX operating system developed and maintained by Sun. There is a buffer overflow vulnerability in the /usr/bin/uustat binary program of Solaris. An attacker who successfully exploits this vulnerability can completely control the return address of the execution function and execute arbitrary code with uucp user privileges. If the string length after the "-S" command line parameter is greater than or equal to 1152 bytes, it may cause the binary program to crash. The following example shows that the buffer is overflowed and the o1 register is completely overwritten by the letter A:
bash-2.03% ls -l /usr/bin/uustat
---s--x--x 1 uucp uucp 62012 Jan 17 16:07 uustat
bash-2.03$ /usr/bin/uustat -S `perl -e 'print "A"x3000'`
Segmentation Fault
bash-2.03$
(gdb) info registers
g0 0x0 0
g1 0xff315e98 -13541736
g2 0x1cc00 117760
g3 0x440 1088
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0xff3276a8 -13470040
o1 0x41414141 1094795585
...
The vulnerability is caused due to an error in the IP Stack.
SOLUTION:
Update to firmware revision 7.1(1) or later, which have the
capability to perform load control using TCP throttling. This
prevents a device from reloading.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Knud Erik Højgaard.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml
VAR-200601-0258 | CVE-2006-0163 | PHPNuke EV Search Module SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7-R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
PHPNuke EV version 7.7 is vulnerable; earlier versions may also be affected.
For more information:
SA17543
The vulnerability has been confirmed in version 7.7-R1.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Originally reported in PHP-Nuke by sp3x.
Reported in PHPNuke EV by Lostmon.
ORIGINAL ADVISORY:
http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html
OTHER REFERENCES:
SA17543:
http://secunia.com/advisories/17543/
VAR-200601-0231 | CVE-2006-0081 | Intel Graphics Accelerator Drives Remote Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title.
This issue allows attackers to crash the display manager on Microsoft Windows XP, or cause a complete system crash on computers running Microsoft Windows 2000. Other operating systems where the affected display driver is available are also likely affected.
Version 6.14.10.4308 of the Intel Graphics Accelerator driver is considered vulnerable to this issue. Other versions may also be affected.
This issue will be updated as further information becomes available. This issue may be related to the one described in BID 10913 (Microsoft Windows Large Image Processing Remote Denial Of Service Vulnerability), but this has not been confirmed. Attempting to parse very long text in Mozilla Firefox triggers a buffer overflow that crashes the Windows Display Manager. This can
potentially be exploited to cause a DoS e.g. by tricking a user to
open a window to an overly long URL with the browser.
Successful exploitation may cause the system to restart or cause the
system to revert to a low resolution display mode.
The vulnerability has been confirmed in version 6.14.10.4308.
SOLUTION:
Do not visit non-trusted websites or open non-trusted files.
PROVIDED AND/OR DISCOVERED BY:
$um$id
VAR-200512-0832 | CVE-2005-3526 | Ipswitch Collaboration Suite Code Execution Vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow.
The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command.
This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system.
TITLE:
Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability
SECUNIA ADVISORY ID:
SA19168
VERIFY ADVISORY:
http://secunia.com/advisories/19168/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
IMail Secure Server 2006
http://secunia.com/product/8651/
IMail Server 2006
http://secunia.com/product/8653/
Ipswitch Collaboration Suite 2006
http://secunia.com/product/8652/
DESCRIPTION:
A vulnerability has been reported in Ipswitch IMail
Server/Collaboration Suite, which can be exploited by malicious users
to cause a DoS (Denial of Service). This can be exploited to cause a
buffer overflow, which crashes the server.
Ipswitch Collaboration Suite 2006 Premium Edition:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe
Ipswitch Collaboration Suite 2006 Standard Edition:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe
IMail Secure Server 2006:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe
IMail Server 2006:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe
PROVIDED AND/OR DISCOVERED BY:
The vendor credits 3Com's Zero Day Initiative.
ORIGINAL ADVISORY:
http://www.ipswitch.com/support/ics/updates/ics200603prem.asp
http://www.ipswitch.com/support/ics/updates/ics200603stan.asp
http://www.ipswitch.com/support/imail/releases/imsec200603.asp
http://www.ipswitch.com/support/imail/releases/im200603.asp
. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-003.html
March 13, 2006
-- CVE ID:
CVE-2005-3526
-- Affected Vendor:
Ipswitch
-- Affected Products:
Ipswitch Collaboration Suite 2006.02 and below
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since December 13, 2005 by Digital Vaccine protection
filter ID 3982.
-- Vendor Response:
From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:
"IMAP: Corrected a vulnerability issue where a properly crafted Fetch
command causes IMAP to crash with a buffer overflow (disclosed by
TippingPoint, a division of 3Com)."
-- Disclosure Timeline:
2005.12.13 - Vulnerability reported to vendor
2005.12.13 - Digital Vaccine released to TippingPoint customers
2006.03.13 - Public release of advisory
-- Credit:
This vulnerability was discovered by Manuel Santamarina Suarez aka
'FistFuXXer'.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
VAR-200512-0273 | CVE-2005-3653 | CA iTechnology iGateway Service negative Content-Length Field value buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service.
A successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms.
Products containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology's processing of HTTP request headers. The iGateway service listens for standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-Length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, memcpy() copies the provided URI into the allocated buffer, overflowing it and overwriting the heap.
TITLE:
CA Products iGateway Service Content-Length Buffer Overflow
SECUNIA ADVISORY ID:
SA18591
VERIFY ADVISORY:
http://secunia.com/advisories/18591/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
BrightStor ARCserve Backup 11.x
http://secunia.com/product/312/
BrightStor ARCserve Backup 11.x (for Windows)
http://secunia.com/product/3099/
BrightStor ARCserve Backup 9.x
http://secunia.com/product/313/
BrightStor ARCserve Backup for Laptops & Desktops 11.x
http://secunia.com/product/5906/
BrightStor Enterprise Backup 10.x
http://secunia.com/product/314/
BrightStor Process Automation Manager 11.x
http://secunia.com/product/5908/
BrightStor Storage Resource Manager 11.x
http://secunia.com/product/5909/
BrightStor Storage Resource Manager 6.x
http://secunia.com/product/5910/
CA Advantage Data Transformer 2.x
http://secunia.com/product/5904/
CA AllFusion Harvest Change Manager 7.x
http://secunia.com/product/5905/
CA BrightStor Portal 11.x
http://secunia.com/product/5577/
CA BrightStor SAN Manager 11.x
http://secunia.com/product/5576/
CA eTrust Admin 8.x
http://secunia.com/product/5584/
CA eTrust Audit 1.x
http://secunia.com/product/5911/
CA eTrust Audit 8.x
http://secunia.com/product/5912/
CA eTrust Identity Minder 8.x
http://secunia.com/product/5913/
CA Unicenter Service Fulfillment 2.x
http://secunia.com/product/5942/
eTrust Secure Content Manager (SCM)
http://secunia.com/product/3391/
DESCRIPTION:
Erika Mendoza has reported a vulnerability in various CA products,
which can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to a boundary error in the handling
of HTTP data in the iGateway component.
SOLUTION:
Update the iGateway component to version 4.0.051230 or later.
ftp://ftp.ca.com/pub/iTech/downloads/
PROVIDED AND/OR DISCOVERED BY:
Erika Mendoza
ORIGINAL ADVISORY:
Computer Associates:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
iDEFENSE:
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
Please see below for important changes to CAID 33778 (aka CVE-2005-3653;
OSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526).
Changelog is near end of advisory.
Regards,
Ken Williams
Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow
Vulnerability [v1.1]
CA Vulnerability ID: 33778
CA Advisory Date: 2006-01-23
Updated Advisory [v1.1]: 2006-01-26
Discovered By: Erika Mendoza reported this issue to iDefense.
Mitigating Factors: None.
Severity: CA has given this vulnerability a Medium risk rating.
Affected Technologies: Please note that the iGateway component is
not a product, but rather a common component that is included
with multiple products. The iGateway component is included in
the following CA products, which are consequently potentially
vulnerable.
Affected Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup 10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Backup Laptop & Desktop r11.1
BrightStor ARCserve Backup Laptop & Desktop r11
BrightStor Process Automation Manager r11.1
BrightStor SAN Manager r11.1
BrightStor SAN Manager r11.5
BrightStor Storage Resource Manager r11.5
BrightStor Storage Resource Manager r11.1
BrightStor Storage Resource Manager 6.4
BrightStor Storage Resource Manager 6.3
BrightStor Portal 11.1
Note to BrightStor Storage Resource Manager and BrightStor Portal
users: In addition to the application servers where these products
are installed, all hosts that have iSponsors deployed to them for
managing applications like Veritas Volume Manager and Tivoli TSM
are also affected by this vulnerability.
eTrust Products:
eTrust Audit 1.5 SP2 (iRecorders and ARIES)
eTrust Audit 1.5 SP3 (iRecorders and ARIES)
eTrust Audit 8.0 (iRecorders and ARIES)
eTrust Admin 8.1
eTrust Identity Minder 8.0
eTrust Secure Content Manager (SCM) R8
eTrust Integrated Threat Management (ITM) R8
eTrust Directory, R8.1 (Web Components Only)
Unicenter Products:
Unicenter CA Web Services Distributed Management R11
Unicenter AutoSys JM R11
Unicenter Management for WebLogic / Management for WebSphere R11
Unicenter Service Delivery R11
Unicenter Service Level Management (USLM) R11
Unicenter Application Performance Monitor R11
Unicenter Service Desk R11
Unicenter Service Desk Knowledge Tools R11
Unicenter Asset Portfolio Management R11
Unicenter Service Metric Analysis R11
Unicenter Service Catalog/Assure/Accounting R11
Unicenter MQ Management R11
Unicenter Application Server Management R11
Unicenter Web Server Management R11
Unicenter Exchange Management R11
Affected platforms:
AIX, HP-UX, Linux Intel, Solaris, and Windows
Status and Recommendation:
Customers with vulnerable versions of the iGateway component
should upgrade to the current version of iGateway (4.0.051230 or
later), which is available for download from the following
locations:
http://supportconnect.ca.com/
ftp://ftp.ca.com/pub/iTech/downloads/
Determining the version of iGateway:
To determine the version numbers of the iGateway components:
Go to the igateway directory:
On windows, this is %IGW_LOC%
Default path for v3.*: C:\Program Files\CA\igateway
Default path for v4.*:
C:\Program Files\CA\SharedComponents\iTechnology
On unix,
Default path for v3.*: /opt/CA/igateway
Default path for v4.*: the install directory path is contained in
opt/CA/SharedComponents/iTechnology.location.
The default path is /opt/CA/SharedComponents/iTechnology
Look at the <Version> element in igateway.conf.
The versions are affected by this vulnerability if you see
a value LESS THAN the following:
<Version>4.0.051230</Version> (note the format of v.s.YYMMDD)
References:
(note that URLs may wrap)
CA SupportConnect:
http://supportconnect.ca.com/
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
CAID: 33778
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
CVE Reference: CVE-2005-3653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653
OSVDB Reference: OSVDB-22688
http://osvdb.org/22688
iDefense Reference:
Computer Associates iTechnology iGateway Service Content-Length
Buffer Overflow
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
Changelog:
v1.0 - Initial Release
v1.1 - Removed several unaffected technologies; added more
reference links.
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln@ca.com, or contact me directly.
If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Dir. of CA Vulnerability Research Team
CA, One Computer Associates Plaza. Islandia, NY 11749
Contact http://www3.ca.com/contact/
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://www.ca.com/caprivacy.htm
Copyright 2006 CA. All rights reserved
VAR-200512-0918 | CVE-2005-4723 | Multiple D-Link Products IP Packet Reassembly Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
D-Link's multiple wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices.
If an attacker sends the following three consecutive fragmented UDP packets, the device restarts:
The IP headers of all three packets must carry the same Identification number.
Packet 1:
The MORE_FRAGMENTS flag must be set to 1 (IP_MF)
Fragment offset = 0
The payload is 8 bytes long. Null bytes were used in the attack code.
Packet 2:
Set the MORE_FRAGMENTS flag to 1 (0x2002)
Fragment offset = 16
The payload is 8 bytes long.
Packet 3:
Set the MORE_FRAGMENTS flag to 0 (0x0003)
Fragment offset = 24
The payload is 8 bytes long.
Upon receiving the above packets, the affected router immediately terminates all current connections. The DI-524 takes about 1 minute to restart and restore connectivity, and the DI-624 takes about 30 seconds to restart. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets.
D-Link DI-524, DI-624, and DI-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected.
It is reported that US Robotics USR8054 devices are also affected. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.
TITLE:
D-Link Wireless Access Point Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA18833
VERIFY ADVISORY:
http://secunia.com/advisories/18833/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
D-Link DI-784
http://secunia.com/product/8029/
D-Link DI-624
http://secunia.com/product/3660/
D-Link DI-524
http://secunia.com/product/8028/
DESCRIPTION:
Aaron Portnoy and Keefe Johnson have reported a vulnerability in
D-Link Wireless Access Point, which potentially can be exploited by
malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the handling of
fragmented UDP packets.
The vulnerability has been reported in the following products:
* D-Link DI-524 Wireless Router (firmware version 3.20 August 18,
2005).
* D-Link DI-624 Wireless Router.
* D-Link DI-784.
SOLUTION:
The vulnerability has reportedly been fixed in the latest firmware.
PROVIDED AND/OR DISCOVERED BY:
Aaron Portnoy and Keefe Johnson
ORIGINAL ADVISORY:
http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200512-0320 | CVE-2005-4825 | Secure Smart Manager Cisco Clean Access Denial of service attack vulnerability |
CVSS V2: 5.7 CVSS V3: - Severity: MEDIUM |
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. Cisco Clean Access (CCA) is prone to a denial-of-service vulnerability.
VAR-200512-0321 | CVE-2005-4826 | Multiple Cisco switch VLAN Relay Protocol Message Handling Denial of Service Vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. The VLAN Trunking Protocol (VTP) is Cisco's proprietary protocol for centralized management of VLANs.
If a malformed VTP packet is received, some switch devices may be overloaded. However, to exploit this vulnerability an attacker must know the VTP domain name and send the malformed VTP packets to a port on the switch that is configured for trunking. Multiple Cisco switches are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users.
TITLE:
Cisco IOS VTP Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA23892
VERIFY ADVISORY:
http://secunia.com/advisories/23892/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
OPERATING SYSTEM:
Cisco IOS 12.x
http://secunia.com/product/182/
Cisco IOS R12.x
http://secunia.com/product/50/
DESCRIPTION:
David Barroso Berrueta and Alfredo Andres Omella have reported a
vulnerability in Cisco IOS, which can be exploited by malicious
people to cause a DoS (Denial of Service). This can be
exploited to cause a device to reload by sending a specially crafted
VTP packet.
Successful exploitation requires knowledge of the VTP domain name and
the port that is configured for trunking.
PROVIDED AND/OR DISCOVERED BY:
Alfredo Andres Omella and David Barroso Berrueta, S21SEC
ORIGINAL ADVISORY:
Cisco Advisory:
http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html
S21SEC Advisory:
http://www.s21sec.com/es/avisos/s21sec-034-en.txt
VAR-200512-0301 | CVE-2005-3714 | Apple AirPort Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients.
A denial of service vulnerability exists in Apple AirPort. A malicious network attacker can send a specially crafted message, causing the network interface of the AirPort base station to stop responding. This occurs when the device handles malformed packets.
Specific details regarding this issue are not currently known. This record will be updated when more information becomes available.
AirPort Express firmware versions prior to 6.3 and AirPort Extreme firmware versions prior to 5.7 are vulnerable.
The vulnerability is caused due to an unspecified error in the base
station when handling certain network packets.
SOLUTION:
Apply updated firmware.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=303072
Credit to Michael Zanetta of NETwork Security
Consortium for reporting this issue.
VAR-200512-0384 | CVE-2005-4812 | SISCO OSI stack fails to properly validate packets |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan. A vulnerability exists in the SISCO OSI stack for Windows. If successfully exploited, an attacker could cause a denial-of-service condition. The Inter-control Center Communications Protocol (ICCP) is a protocol for communicating data in the control center of a SCADA network. A remote attacker can exploit the vulnerability to perform a denial of service attack on the service. The SISCO OSI stack on the Windows platform incorrectly handles malformed packets, and remote unauthenticated users can perform denial of service attacks on services.
This issue allows remote, unauthenticated attackers to crash affected applications, denying further service to legitimate users.
TITLE:
SISCO OSI Stack Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA22047
VERIFY ADVISORY:
http://secunia.com/advisories/22047/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
SISCO MMS-EASE 7.x
http://secunia.com/product/12072/
SISCO ICCP Toolkit for MMS-EASE 4.x
http://secunia.com/product/12073/
SISCO AX-S4 MMS 5.x
http://secunia.com/product/12071/
SISCO AX-S4 ICCP 3.x
http://secunia.com/product/12070/
DESCRIPTION:
A vulnerability has been reported in various SISCO products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
SISCO:
http://www.sisconet.com/downloads/NESSUS_Vulnerability_Announcement.pdf
OTHER REFERENCES:
US-CERT VU#468798:
http://www.kb.cert.org/vuls/id/468798
VAR-200512-1016 | CVE-2005-4625 | Driver Denial of Service Attack Vulnerabilities in Certain Display Adapters |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999. Display Adapter Driver is prone to a denial-of-service vulnerability.
VAR-200512-0642 | CVE-2005-0985 | Mac OS X Unknown vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. There is an unknown vulnerability in the Mac OS X kernel before 10.3.8.
VAR-200512-0638 | CVE-2005-3782 | Mac OS X Bypass login to restart system vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. Apple Mac OS X Server is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
VAR-200512-0643 | CVE-2005-2340 | Apple QuickTime fails to properly handle corrupt media files |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple's QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability.
This issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file.
A successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application.
This issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed.
This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). When processing the data field of a QTIF file, QuickTime copies it to the stack byte by byte without performing a correct check, which causes a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn't crash before overflowing 0x44 to 0x08, and the code will execute.
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006
Last revised: January 11, 2006
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple
vulnerabilities. The impacts of these vulnerabilities include
execution of arbitrary code and denial of service.
I.
(CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes. Potential
consequences include remote execution of arbitrary code or commands
and denial of service.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 11, 2006: Initial release
VAR-200512-0298 | CVE-2005-3711 | Apple QuickTime fails to properly handle corrupt media files |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Integer overflow in Apple QuickTime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. Apple's QuickTime is a player for files and streaming media in a variety of different formats.
A successful attack can result in a remote compromise.
NOTE: This issue was previously discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities), but has been assigned its own record to better document the vulnerability. Apple QuickTime is prone to multiple remote code-execution vulnerabilities.
These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats.
Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access.
Versions prior to QuickTime 7.0.4 are vulnerable.
TITLE:
QuickTime Multiple Image/Media File Handling Vulnerabilities
SECUNIA ADVISORY ID:
SA18370
VERIFY ADVISORY:
http://secunia.com/advisories/18370/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.
1) A boundary error in the handling of QTIF images can be exploited
to cause a heap-based buffer overflow. This may allow arbitrary code
execution when a malicious QTIF image is viewed.
2) Some boundary and integer overflow/underflow errors in the
handling of TGA images can be exploited to cause a buffer overflow.
3) An integer overflow error exists in the handling of TIFF images.
This can potentially be exploited to execute arbitrary code when a
malicious TIFF image is viewed.
4) A boundary error in the handling of GIF images can be exploited to
cause a heap-based buffer overflow. This may allow
arbitrary code execution when a malicious media file is viewed.
The vulnerabilities affect both the Mac OS X and the Windows
platforms.
SOLUTION:
Update to version 7.0.4.
Mac OS X (version 10.3.9 or later):
http://www.apple.com/support/downloads/quicktime704.html
Windows 2000/XP:
http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY:
1) Varun Uppal, Kanbay.
2-3) Dejun Meng, Fortinet.
4-5) Karl Lynn, eEye Digital Security.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=303101
This is due to application failure to sanitize
the parameter StripByteCounts while parsing TIFF image files. A remote
attacker could construct a web page with a specially crafted TIFF file and
entice a victim to view it. When the user opens the TIFF image with
Internet Explorer or Apple QuickTime Player, it will cause a memory access
violation, leading to potential Arbitrary Command Execution.
Impact : Execute arbitrary code
Solution : Apple Computers has released a security update for this
vulnerability, which is available for downloading from Apple's web site
under security update.
Fortinet Protection: Fortinet is protecting network from this
vulnerability with latest IPS update.
Acknowledgment : Dejun Meng of Fortinet Security Research team found
this vulnerability