VARIoT IoT vulnerabilities database
| VAR-200511-0314 | CVE-2005-3804 | Cisco 7920 wireless IP Phone open UDP Port vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. The Cisco 7920 wireless IP phone can provide Voice Over IP services over an IEEE 802.11b Wi-Fi network, which is similar to a cordless phone.
1) The SNMP service that runs on the IP phone uses fixed read-only
and read-write community strings of "public" and "private", which
cannot be changed by the user. This can be exploited to retrieve and
modify the device configuration, including stored user data such as
phone book entries by sending SNMP GetRequest or SetRequest to
phone.
SOLUTION:
Apply firmware update.
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0099 | CVE-2005-3715 | Senao SI-680H VOIP WIFI phone VxWorks Remote debugger access vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service. Senao SI-680H and SI-7800H VOIP WIFI Phone allows remote debugger connections. Successful exploitation of this vulnerability could allow a remote attacker to obtain debugging information from the device or cause a denial of service.
Senao SI-680H VOIP WIFI Phones running firmware version 0.03.0839, and Sanao SI-7800H running firmware version 0.03.0001 are prone to this issue. Other versions may also be vulnerable. Senao SI-680H is a wireless phone.
SOLUTION:
Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038836.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0512 | No CVE | CNVD-2005-4020 |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
The Cisco 7920 Wireless IP Phone is a VOIP-enabled phone system. The Cisco 7920 Wireless IP Phone allows remote debugging of connections, and remote attackers can exploit the vulnerability to obtain debugging information for the device or cause a denial of service attack. The Cisco 7920 Wireless IP Phone listens on UDP port 17185 for remote VxWorks debugging. The port allows remote users to collect debugging information or perform denial of service attacks
| VAR-200511-0513 | No CVE | Hitachi WirelessIP 5000+ unauthorized access vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The WirelessIP5000 developed by Hitachi Cable is an open wireless IP phone that complies with the VoIP standard communication protocol SIP.
There are multiple security vulnerabilities in WirelessIP5000, as follows:
(a) The existence of an undocumented open port TCP / 3390 in the WirelessIP5000 phone may allow remote unauthenticated attackers to access sensitive information and may cause a denial of service;
(b) A vulnerability in the WirelessIP5000 phone could allow remote attackers to change device configuration using SNMP;
(c) The default configuration of the WirelessIP5000 phone HTTP server requires no credentials to authenticate, so remote attackers can perform management functions without authentication;
(d) WirelessIP5000 phone HTTP server may leak sensitive information;
(e) There is a default management password in the WirelessIP5000 phone. An attacker who knows this password can take complete control of the device.
| VAR-200511-0514 | No CVE | Nortel Switched Firewall IKE Communication Multiple Security Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Nortel's Switched Firewall is a small, rack-mounted firewall appliance that leverages unique accelerator technology and Check Point FW-1 NG software to protect high-traffic IT data centers, service provider networks, and hosting infrastructure. Multiple Nortel Switched Firewall products have vulnerabilities in handling IPSec IKE messages, which may be exploited by remote attackers to execute arbitrary commands on the host or cause a denial of service. IPSec's PROTOS test component tests the design limitations of IPSec implementation by sending malformed IKE messages to the target device. If a specific malformed message is received, a vulnerable firewall may refuse the service or execute arbitrary code. Nortel Switched Firewall is prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic
| VAR-200511-0313 | CVE-2005-3803 | Cisco 7920 wireless IP Fixed phone SNMP Community string vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. This could allow remote attackers to retrieve and modify the device configuration.
Cisco 7920 Wireless IP Phones running firmware version 1.0(8) and earlier are vulnerable to this issue. This can be exploited to retrieve and
modify the device configuration, including stored user data such as
phone book entries by sending SNMP GetRequest or SetRequest to
phone.
2) The IP phone listens on port 17185/udp to allow connections from
the VxWorks debugger. This may be exploit to collect debugging
information or to cause a DoS on the device.
SOLUTION:
Apply firmware update.
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0016 | CVE-2005-3670 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. HP-UX is prone to denial of service vulnerabilities. These issues are due to security flaws in HP's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200512-0674 | CVE-2005-4566 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
ADTRAN OS 10.03.03.E is available to address these issues.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
The vulnerabilities have been reported in ADTRAN OS-based NetVanta
products that has the IPSec VPN functionality (Enhanced Feature Pack
software) installed.
The fix will also be included in the official release of ADTRAN OS
10.04.00.E.
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200512-0673 | CVE-2005-4565 | ADTRAN NetVanta Products IKE Traffic Multiple Unspecified Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
ADTRAN OS 10.03.03.E is available to address these issues.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
The vulnerabilities have been reported in ADTRAN OS-based NetVanta
products that has the IPSec VPN functionality (Enhanced Feature Pack
software) installed.
The fix will also be included in the official release of ADTRAN OS
10.04.00.E.
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200512-0672 | CVE-2005-4564 | ADTRAN NetVanta Products IKE Traffic Multiple Unspecified Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
ADTRAN OS 10.03.03.E is available to address these issues.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
The vulnerabilities have been reported in ADTRAN OS-based NetVanta
products that has the IPSec VPN functionality (Enhanced Feature Pack
software) installed.
The fix will also be included in the official release of ADTRAN OS
10.04.00.E.
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0288 | CVE-2005-3768 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Gateway Security 400 is prone to a denial-of-service vulnerability.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0162 | CVE-2005-3915 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200512-0678 | CVE-2005-4570 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Fortinet FortiGate, FortiManager, and FortiClient products are prone to denial of service vulnerabilities. These issues are due to security flaws in Fortinet's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.
For more information:
SA17553
Several other bugs have also been fixed in this update. IKE will
be reportedly be automatically restarted by FortiOS when it crashes.
FortiGate (version 2.80):
Apply MR12 when available or contact technical support for a special
build.
FortiGate (version 2.50):
No patch available at this time.
FortiManager (version 2.80):
No patch available at this time.
FortiClient:
No patch available at this time.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0302 | CVE-2005-3792 | PHPNuke Search Module SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. PHPNuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. phpnuke is an open source website building program.
TITLE:
PHP-Nuke "query" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA17543
VERIFY ADVISORY:
http://secunia.com/advisories/17543/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
>From remote
SOFTWARE:
PHP-Nuke 7.x
http://secunia.com/product/2385/
DESCRIPTION:
sp3x has discovered a vulnerability in PHP-Nuke, which can be
exploited by malicious people to conduct SQL injection attacks. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability has been confirmed in version 7.8. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
sp3x
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0312 | CVE-2005-3802 | Belkin Wireless Router Remote Authentication Bypass Vulnerability |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. Certain Belkin wireless routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a flaw in the Web administration interface authentication process.
This issue allows remote attackers to gain administrative access to affected devices.
Belkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and 4.03.03 are affected by this issue. Other devices may also be affected due to code reuse among devices. Belkin Corporation is a manufacturer of peripheral electronic products, and F5D7232-4 and F5D7230-4 are wireless routers produced by it.
TITLE:
Belkin Wireless G Router Web Management Authentication Bypass
SECUNIA ADVISORY ID:
SA17601
VERIFY ADVISORY:
http://secunia.com/advisories/17601/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Andrei Mikhailovsky has reported a vulnerability in Belkin Wireless G
Router, which can be exploited by malicious people to bypass certain
security restrictions.
The vulnerability is caused due to an access control error in the
router's web-based management page.
The vulnerability has been reported in models F5D7230-4 and F5D7232-4
using the latest firmware 4.03.03 and 4.05.03.
SOLUTION:
Restrict access to the web-based management page.
PROVIDED AND/OR DISCOVERED BY:
Andrei Mikhailovsky, Arhont Ltd.
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0298 | CVE-2005-3788 | Cisco Adaptive Security Applicance Failover denial of service vulnerability |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service.". Cisco Adaptive Security Appliances are prone to a weakness that may cause a denial of service condition in certain circumstances. This issue is due to insufficient validation of ARP responses.
This issue reportedly affects Cisco ASA devices running 7.0(0), 7.0(2), and 7.0(4). Other versions may also be affected. The Cisco ASA Series Adaptive Security Appliances are Cisco's purpose-designed solutions that combine the highest security and VPN services with a new Adaptive Identification and Defense (AIM) architecture. Whether the firewall is alive, but not authenticating the response to the request.
The weakness is caused due to the ASA failover testing algorithm
failing to properly identify that the active firewall has failed. This can be exploited to prevent
the standby firewall from activating via spoofed ARP responses. The
failover may also fail to happen if there is another device with the
same IP address as the active firewall on the same network subnet.
The weakness has been reported in ASA running 7.0(0), 7.0(2), and
7.0(4).
SOLUTION:
The vendor recommends that port security should be configured for all
switch ports in the same VLANs as the active and standby firewalls
enabled interfaces to prevent an attacker from spoofing the active
firewall's interface MAC address.
The firewall log should also be monitored for any IP address
collisions.
PROVIDED AND/OR DISCOVERED BY:
Amin Tora, ePlus Security Team.
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0018 | CVE-2005-3672 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Stonesoft StoneGate Firewall and VPN Client are prone to multiple unspecified vulnerabilities in its IKEv1 implementation. Potential issues include denial of service attacks, format strings, and buffer overflows.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic. Stonesoft StoneGate Firewall is a firewall.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0020 | CVE-2005-3674 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. Sun Solaris is prone to a denial of service vulnerability. This issue exists in the 'libike' IKE implementation and may impact the availability of the 'in.iked' daemon.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to handling of malformed IKEv1 traffic. This may be triggered by a remote privileged user.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0015 | CVE-2005-3669 |
Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations
Related entries in the VARIoT exploits database: VAR-E-200511-0581 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. Various Cisco IOS, PIX Firewall, Firewall Services Module (FWSM), VPN 3000 Series Concentrator, and MDS Series SanOS releases are prone to denial of service attacks. These issues are due to security flaws in Cisco's IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic.
Successful attacks will cause most affected devices to restart. For Cisco MDS Series devices, this is limited to causing the IKE process to restart. IP Security or IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Access control, data source address verification, data integrity check and prevention of replay attacks. Vulnerabilities exist in the handling of IPSec IKE messages in several Cisco products. IPSec's PROTOS test suite can test the design limitations of IPSec implementations by sending malformed IKE messages to target devices.
TITLE:
IPsec-Tools ISAKMP IKE Message Processing Denial of Service
SECUNIA ADVISORY ID:
SA17668
VERIFY ADVISORY:
http://secunia.com/advisories/17668/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
IPsec-Tools 0.x
http://secunia.com/product/3352/
DESCRIPTION:
A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereferencing error
when processing certain ISAKMP packets in aggressive mode.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
SOLUTION:
Update to version 0.6.3.
http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adrian Portelli.
ORIGINAL ADVISORY:
http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200608-0043 | CVE-2006-0395 | Mac OS X of Download Validation Vulnerable to arbitrary code execution |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. Apple has released Security Update 2006-001 to address multiple remote and local Mac OS X vulnerabilities.
Apple has also released updates to address these issues. Details of the fixes are
available via the PHP web site (www.php.net). PHP ships with Mac OS
X but is disabled by default.
automount
CVE-ID: CVE-2006-0384
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Malicious network servers may cause a denial of service or
arbitrary code execution
Description: File servers on the local network may be able to cause
Mac OS X systems to mount file systems with reserved names. This
could cause the systems to become unresponsive, or possibly allow
arbitrary code delivered from the file servers to run on the target
system.
BOM
CVE-ID: CVE-2006-0391
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Directory traversal may occur while unpacking archives with
BOM
Description: The BOM framework handles the unpacking of certain
types of archives. This framework is vulnerable to a directory
traversal attack that can allow archived files to be unpacked into
arbitrary locations that are writable by the current user. This
update addresses the issue by properly sanitizing those paths.
Credit to Stephane Kardas of CERTA for reporting this issue.
Directory Services
CVE-ID: CVE-2005-2713, CVE-2005-2714
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Malicious local users may create and manipulate files as
root
Description: The passwd program is vulnerable to temporary file
attacks. This could lead to privilege elevation. This update
addresses the issue by anticipating a hostile environment and by
creating temporary files securely. Credit to Ilja van Sprundel of
Suresec LTD, vade79, and iDefense (idefense.com) for reporting this
issue.
FileVault
CVE-ID: CVE-2006-0386
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: FileVault may permit access to files during when it is
first enabled
Description: User directories are mounted in an unsafe fashion when
a FileVault image is created. This update secures the method in
which a FileVault image is created. This update addresses the issues by
correctly handling the conditions that may cause crashes. Credit to
OUSPG from the University of Oulu, NISCC, and CERT-FI for
coordinating and reporting this issue.
LibSystem
CVE-ID: CVE-2005-3706
Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Attackers may cause crashes or arbitrary code execution
depending upon the application
Description: An attacker able to cause an application to make
requests for large amounts of memory may also be able to trigger a
heap buffer overflow. This could cause the targeted application to
crash or execute arbitrary code. This update addresses the issue by
correctly handling these memory requests. This issue does not
affect systems prior to Mac OS X v10.4. Credit to Neil Archibald of
Suresec LTD for reporting this issue. Certain techniques can be used
to disguise the file's type so that Download Validation is
bypassed. This update addresses the issue by presenting Download
Validation with the entire file, providing more information for
Download Validation to detect unknown or unsafe file types in
attachments.
perl
CVE-ID: CVE-2005-4217
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
Impact: Perl programs may fail to drop privileges
Description: When a perl program running as root attempts to switch
to another user ID, the operation may fail without notification to
the program. This may cause a program to continue to run with root
privileges, assuming they have been dropped. This can cause
security issues in third-party tools. This update addresses the
issue by preventing such applications from continuing if the
operation fails. This issue does not affect Mac OS X v10.4 or later
systems. Credit to Jason Self for reporting this issue.
rsync
CVE-ID: CVE-2005-3712
Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Authenticated users may cause an rsync server to crash or
execute arbitrary code
Description: A heap-based buffer overflow may be triggered when the
rsync server is used with the flag that allows extended attributes
to be transferred. It may be possible for a malicious user with
access to an rsync server to cause denial of service or code
execution. This update addresses the problem by ensuring that the
destination buffer is large enough to hold the extended attributes.
This issue does not affect systems prior to Mac OS X v10.4. Credit
to Jan-Derk Bakker for reporting this issue.
Safari
CVE-ID: CVE-2005-4504
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Viewing a maliciously-crafted web page may result in
arbitrary code execution
Description: A heap-based buffer overflow in WebKit's handling of
certain HTML could allow a malicious web site to cause a crash or
execute arbitrary code as the user viewing the site. This update
addresses the issue by preventing the condition causing the
overflow. Credit to Suresec LTD for reporting this issue.
Safari
CVE-ID: CVE-2006-0387
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Viewing a malicious web page may cause arbitrary code
execution
Description: By preparing a web page including specially-crafted
JavaScript, an attacker may trigger a stack buffer overflow that
could lead to arbitrary code execution with the privileges of the
user. This update addresses the issue by performing additional
bounds checking. An issue involving HTTP
redirection can cause the browser to access a local file, bypassing
certain restrictions. This update addresses the issue by preventing
cross-domain HTTP redirects.
Safari, LaunchServices
CVE-ID: CVE-2006-0394
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact: Viewing a malicious web site may result in arbitrary code
execution
Description: It is possible to construct a file which appears to be
a safe file type, such as an image or movie, but is actually an
application. When the "Open `safe' files after downloading" option
is enabled in Safari's General preferences, visiting a malicious
web site may result in the automatic download and execution of such
a file. A proof-of-concept has been detected on public web sites
that demonstrates the automatic execution of shell scripts.
Syndication
CVE-ID: CVE-2006-0389
Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Subscriptions to malicious RSS content can lead to
cross-site scripting
Description: Syndication (Safari RSS) may allow JavaScript code
embedded in feeds to run within the context of the RSS reader
document, allowing malicious feeds to circumvent Safari's security
model. This update addresses the issue by properly removing
JavaScript code from feeds. Syndication is only available in Mac OS
X v10.4 and later.
The following security enhancements are also included in this update:
FileVault: AES-128 encrypted FileVault disk images are now created
with more restrictive operating system permissions. Credit to Eric
Hall of DarkArt Consulting Services for reporting this issue.
iChat: A malicious application named Leap.A that attempts to
propagate using iChat has been detected.
Users should use caution when opening files that are obtained from
the network. Further information is available via:
http://docs.info.apple.com/article.html?artnum=108009
Security Update 2006-001 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5
The download file is named: "SecUpd2006-001Ti.dmg"
Its SHA-1 digest is: 999b73a54951b4e0a7f873fecf75f92840e8b439
For Mac OS X v10.4.5 (Intel)
The download file is named: "SecUpd2006-001Intel.dmg"
Its SHA-1 digest is: 473f94264876fa49fa15a8b6bb4bc30956502ad5
For Mac OS X v10.3.9
The download file is named: "SecUpd2006-001Pan.dmg"
Its SHA-1 digest is: b6a000d451a1b1696726ff60142fc3da08042433
For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2006-001Pan.dmg"
Its SHA-1 digest is: 2299380d72a61eadcbd0a5c6f46c924600ff5a9c
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.5 (Build 5050)
iQEVAwUBRAYYVoHaV5ucd/HdAQJQWggApQmizj2t3+/87Fqun66/HCEkFt2YhUoe
cmel0/KwJhWrk+LV+CYvixbDvKuGIjP8CWB9/s78YN93pOI5WcfyTKd07rEQYkT4
i8KPrM9QjdvgIjKd6O/VAOkzBc3DqV7KNVR2Hewa3jOigTm7Yxil9o/nZt1TLxAI
9TN0uduc13WHC8WE2N41I8MQ+VdGTX3ANZkfgR90lua4A2E1ab9kCN2qbg+E7Cus
SkwsKp0qSH7bl8v0/R6c1hsYG0T1RwSWU6arAEliqzrrIbCm0Yxtgwp/CYFWC46j
TQNCcppNgcr/pVPojACy8WFtQ3wEb6rJ4ZjH1C5nOem2EoCBh10WFw==
=1Ww0
-----END PGP SIGNATURE-----
.
The weakness is caused due to an error in the KHTMLParser when
parsing certain malformed HTML documents. This can be exploited to
crash an application that uses the parser via a specially crafted
HTML file. In certain cases, this may cause the system to become
unresponsive. Other applications that use the
parser may also be affected.
SOLUTION:
Do not open or follow links to HTML files from non-trusted sources.
PROVIDED AND/OR DISCOVERED BY:
Tom Ferris
ORIGINAL ADVISORY:
http://security-protocols.com/advisory/sp-x22-advisory.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------