VARIoT IoT vulnerabilities database
| VAR-200903-0004 | CVE-2007-6723 | Windows and Mac OS X Run on TorK Vulnerabilities whose settings are changed |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server.
Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values.
These issues affect versions prior to TorK 0.22. TorK is a powerful KDE desktop anonymous management tool. It is possible to browse the web anonymously through a browser and send anonymous emails from the MixMinion network. You can use ssh, IRC chat tools and IM instant messaging tools anonymously. And can control and monitor anonymous traffic on the Tor network through TorK. This configuration file contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings
| VAR-200903-0003 | CVE-2007-6722 | Vidalia bundle Access restriction bypass vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server.
Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values.
These issues affect versions prior to TorK 0.22. TorK is a powerful KDE desktop anonymous management tool. It is possible to browse the web anonymously through a browser and send anonymous emails from the MixMinion network. You can use ssh, IRC chat tools and IM instant messaging tools anonymously. And can control and monitor anonymous traffic on the Tor network through TorK. This configuration file contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings
| VAR-200712-0440 | CVE-2007-5857 | Apple Mac OS X of Quick Look In HREFTrack Information disclosure vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0443 | CVE-2007-5860 | Apple Mac OS X of Spin Tracer Vulnerable to arbitrary code execution related to output files |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation.". Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0444 | CVE-2007-5861 | Apple Mac OS X of Microsoft Office Spotlight Importer Memory corruption vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. If a user is tricked into downloading a malicious .xls file, an attacker could cause the application to terminate unexpectedly or execute arbitrary commands.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0439 | CVE-2007-5856 | Apple Mac OS X of Quick Look Information disclosure vulnerability |
CVSS V2: 9.4 CVSS V3: - Severity: HIGH |
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0442 | CVE-2007-5859 | Apple Safari code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. The Apple Safari web browser contains a vulnerability that may allow an attacker to execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0438 | CVE-2007-5855 | Apple Mail In MD5 The problem of using plain text authentication in challenge response authentication |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0437 | CVE-2007-5854 | Apple Mac OS X In the start service HTML File handling vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0436 | CVE-2007-5853 | Apple Mac OS X of IO Memory corruption vulnerability in storage family |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0431 | CVE-2007-5847 | Apple Mac OS X of CFURLWriteDataAndPropertiesToResource API Information disclosure vulnerability |
CVSS V2: 6.6 CVSS V3: - Severity: MEDIUM |
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0435 | CVE-2007-5851 | Apple Mac OS X of iChat To launch a video connection without permission |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0425 | CVE-2007-4709 | Apple Mac OS X of CFNetwork Vulnerable to directory traversal |
CVSS V2: 8.8 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. If a user is tricked into visiting a malicious site, the attacker could cause the file to be automatically downloaded to any folder to which the user has write permissions.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0434 | CVE-2007-5850 | Apple Mac OS X Desktop service buffer overflow vulnerability |
CVSS V2: 8.8 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. A heap overflow vulnerability exists in Desktop Services.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0426 | CVE-2007-4710 | Apple Mac OS X of ColorSync Memory corruption vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0424 | CVE-2007-4708 | Apple Mac OS X of Address Book Format string vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200712-0432 | CVE-2007-5848 | Apple Mac OS X of CUPS Vulnerable to buffer overflow |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
1) A signedness error exists within the processing of ASN1 encoded
strings from SNMP responses.
For more information:
SA28129
The vulnerability affects openSUSE 10.2 and 10.3 only.
x86 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-1.2.12-22.6.i586.rpm
e844b0c92d437c25e71c9be92c3d6ee4
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-client-1.2.12-22.6.i586.rpm
7f3525adc1a7ab85f3650fd9adf69bc8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-devel-1.2.12-22.6.i586.rpm
88ea6ba071bd51ee23b87c5d13a551b6
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-libs-1.2.12-22.6.i586.rpm
5a41077855e2e502d6c1cfb5e369ef8b
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-1.2.7-12.9.i586.rpm
c4163c0ad47db8221f9b1ea41bdbf259
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-client-1.2.7-12.9.i586.rpm
b55019f39c36ea6ef3352635b7093705
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-devel-1.2.7-12.9.i586.rpm
f83d6477eb8f1c2ed76ba1f4b896ced3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-libs-1.2.7-12.9.i586.rpm
295394a3fdc59c155d1683a3084df888
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-1.1.23-40.35.i586.rpm
a5efab6d27bc1262873d4b467e288bbd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-client-1.1.23-40.35.i586.rpm
69b85c943b27dccf4fd3c69072ee01de
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-devel-1.1.23-40.35.i586.rpm
8ab20affa8deb5a6d75481e244935761
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-libs-1.1.23-40.35.i586.rpm
79005dc03c94da463a65b6313a06515e
Power PC Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-1.2.12-22.6.ppc.rpm
63f5378c91584358555df660d128cc0f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-client-1.2.12-22.6.ppc.rpm
835d0e286f18d2fa5bba7fa6a0ecef60
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-devel-1.2.12-22.6.ppc.rpm
47bf9d7837037bc8ea2394a3c63cdf2e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-libs-1.2.12-22.6.ppc.rpm
7421ec50af012b698f9f3e55b8dc15db
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-1.2.7-12.9.ppc.rpm
ccabb5d2c72bc5fa707289b1d2529884
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-client-1.2.7-12.9.ppc.rpm
06e88fbb162d9505027071cfb49c2981
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-devel-1.2.7-12.9.ppc.rpm
fdd75eb988613f025a6882e509e6f8db
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-libs-1.2.7-12.9.ppc.rpm
cf062d8d41eddd7eef98fb9518db4f26
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-1.1.23-40.35.ppc.rpm
2abd05fc5936cb3b3c54af60dc9f4cce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-client-1.1.23-40.35.ppc.rpm
e503e321ae5683fe8ea66084616fe0f1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-devel-1.1.23-40.35.ppc.rpm
5c5c12e135f4f3a3dd752a24f165c80c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-libs-1.1.23-40.35.ppc.rpm
17b18d3827777331560d97ff934f7a2b
x86-64 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-1.2.12-22.6.x86_64.rpm
f04e3ddc357e5c81e6db4170d2d773e7
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-client-1.2.12-22.6.x86_64.rpm
8b91333502a71746b16a77369d062b33
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.6.x86_64.rpm
6599150352f49d5494125502a86d8930
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.6.x86_64.rpm
c1635a3dab2ddda61b1ea7ed835334f8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.6.x86_64.rpm
e84064f49db1ec54dbf9247148d91ee7
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-1.2.7-12.9.x86_64.rpm
a71b6141bac10ef6b32fd156e107afa6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-client-1.2.7-12.9.x86_64.rpm
971d1b6ed9965673b232c18c8c6897f0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-devel-1.2.7-12.9.x86_64.rpm
dcca8172ada73a69773b2be6e6b5a46e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-1.2.7-12.9.x86_64.rpm
e418b6e5ab33453fabb81a0a64d72587
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-32bit-1.2.7-12.9.x86_64.rpm
4c9bb5f870772967b8dcb6d47e4118c5
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-1.1.23-40.35.x86_64.rpm
56c999311218649e26f5e5b745f206de
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-client-1.1.23-40.35.x86_64.rpm
f7f80373487516f8258f5d32497deade
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-devel-1.1.23-40.35.x86_64.rpm
7b734519a2317ad3b706e2661c67fc3f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-1.1.23-40.35.x86_64.rpm
facfda468d147b872cd003cf38dd385d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-32bit-1.1.23-40.35.x86_64.rpm
48fdaa964afc64d86ebb59670a2100fb
Sources:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/cups-1.2.12-22.6.src.rpm
ed83be3003be5537bdbf50274c6fea06
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/cups-1.2.7-12.9.src.rpm
9c0ba6d4e3c15b81642d65d5e5582ef2
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/cups-1.1.23-40.35.src.rpm
ca0082ed490367ee4dba961dd1d5081f
Open Enterprise Server
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
SUSE SLES 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
ORIGINAL ADVISORY:
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html
OTHER REFERENCES:
SA28129:
http://secunia.com/advisories/28129/
SA28136:
http://secunia.com/advisories/28136/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
December 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
The Red Hat Security Team also found two flaws in CUPS 1.1.x where
a malicious user on the local subnet could send a set of carefully
crafted IPP packets to the UDP port in such a way as to cause CUPS
to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash
(CVE-2008-0596).
Finally, another flaw was found in how CUPS handled the addition and
removal of remote printers via IPP that could allow a remote attacker
to send a malicious IPP packet to the UDP port causing CUPS to crash
(CVE-2008-0882).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0886
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
71c1bd1c9099440da3e9afcfe4636525 corporate/3.0/i586/cups-1.1.20-5.16.C30mdk.i586.rpm
a73fba38dbcf62fd4c64590e5d754126 corporate/3.0/i586/cups-common-1.1.20-5.16.C30mdk.i586.rpm
60b6e82788d5b0c51f68b0db44e31240 corporate/3.0/i586/cups-serial-1.1.20-5.16.C30mdk.i586.rpm
419d078e2df1396531c23cbbf2f2785d corporate/3.0/i586/libcups2-1.1.20-5.16.C30mdk.i586.rpm
064e5b42b27c90602bf8e7c47200bef8 corporate/3.0/i586/libcups2-devel-1.1.20-5.16.C30mdk.i586.rpm
5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm
Corporate 3.0/X86_64:
c33aff1c5bab9bce22f7a018f2fbfe7d corporate/3.0/x86_64/cups-1.1.20-5.16.C30mdk.x86_64.rpm
ba1cba41b479e332e8d43652af86756d corporate/3.0/x86_64/cups-common-1.1.20-5.16.C30mdk.x86_64.rpm
211561645f6743343a0a9189ecd8e24e corporate/3.0/x86_64/cups-serial-1.1.20-5.16.C30mdk.x86_64.rpm
d1cb2198f9b73cfb5d2ae3d69bacf12c corporate/3.0/x86_64/lib64cups2-1.1.20-5.16.C30mdk.x86_64.rpm
104350956cda23c2e2f5bb05a22df9c7 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.16.C30mdk.x86_64.rpm
5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHxGl7mqjQ0CJFipgRAgVuAJ9rJyJ0ysTKDyXgzUhz1Yl5SEP38wCg9SSt
G00zNYjRErOH1eJ5lnnUNVs=
=sKtb
-----END PGP SIGNATURE-----
| VAR-200711-0301 | CVE-2007-4674 | Apple QuickTime Video file processing stack-based buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow. Apple QuickTime is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. The issue also affects Apple TV 1.0 up to and including 2.1.
The specific flaw exists within the parsing of a malformed movie atom.
Specifying a large size will result in a stack overflow.
-- Vendor Response:
Apple has issued an update to correct this vulnerability.
1) An error in the processing of movie atoms can be exploited to
cause a stack-based buffer overflow.
For more information see vulnerability #8 in:
SA27523
2) An error in the processing of STSZ atoms can be exploited to
corrupt memory.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Cody Pierce, TippingPoint DVLabs
2) Reported by an anonymous person via ZDI.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
November 6, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRzD0F/RFkHkM87XOAQLSVwf+LsCvcentaE5ATCISYhYd31ionkGNS9cn
LeBC+yCyR330ztfQ9iBphoxxp+fYKpa/RRfnFHqJlv80HYYOiJvnunCdOY5IAbo5
ZyS2vou/ArW5WzJqk9Yq+31hClKQOIoLf/+NcUc7iKkfSBUC8/RsspascX31a1U+
dMF217Q/i9imjMhHr+PXZagRT1naUo8ygeDZ+94Vq+3XUB6qZb6rux8vFdVX3nEY
yvg02JJTVpHy14Nk0KXfXwEq2Hc9uNTa/KwKknJMVqzev4eCAn+/wb424JxoKhqG
lthnzMr/US4Q0NLKpFStcNyETEiKgM9RuZ4v6OWc+nJKVe+QwrDYhQ==
=9WUY
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Download and test it today:
https://psi.secunia.com/
Read more about this new version:
https://psi.secunia.com/?page=changelog
----------------------------------------------------------------------
TITLE:
Gentoo update for win32codecs
SECUNIA ADVISORY ID:
SA29182
VERIFY ADVISORY:
http://secunia.com/advisories/29182/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/
DESCRIPTION:
Gentoo has issued an update for win32codecs. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
For more information:
SA21893
SA27523
SA27755
SOLUTION:
Update to "media-libs/win32codecs-20071007-r2" or later.
Note: This update removes the affected binary Quicktime library.
ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200803-08.xml
OTHER REFERENCES:
SA21893:
http://secunia.com/advisories/21893/
SA27523:
http://secunia.com/advisories/27523/
SA27755:
http://secunia.com/advisories/27755/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
Win32 binary codecs provide support for video and audio playback.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/win32codecs < 20071007-r2 >= 20071007-r2
Description
===========
Multiple buffer overflow, heap overflow, and integer overflow
vulnerabilities were discovered in the Quicktime plugin when processing
MOV, FLC, SGI, H.264 and FPX files.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.
References
==========
[ 1 ] CVE-2006-4382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
[ 2 ] CVE-2006-4384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
[ 3 ] CVE-2006-4385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
[ 4 ] CVE-2006-4386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
[ 5 ] CVE-2006-4388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
[ 6 ] CVE-2006-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
[ 7 ] CVE-2007-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
[ 8 ] CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
| VAR-200711-0277 | CVE-2007-5581 | Cisco Unified MeetingPlace of mpweb/scripts/mpx.dll Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
Exploiting these issues may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect Unified MeetingPlace 6.0, 5.4, 5.3, and prior versions. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing. An input filtering vulnerability exists when MeetingPlace processes user data.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Input passed to certain parameters (e.g."FirstName" and "LastName")
in mpweb/scripts/mpx.dll is not properly sanitised before being
returned to a user. These can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
SOLUTION:
Apply hotfix 5.4.156.2E or 6.0.244.1A, available via Cisco TAC
(Technical Assistance Center).
PROVIDED AND/OR DISCOVERED BY:
Joren McReynolds
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200711-0540 | CVE-2007-5116 | Perl Buffer Overflow Vulnerability in Regular Expression Engine |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input. This facilitates the remote compromise of affected computers.
Perl 5.8 is vulnerable to this issue; other versions may also be affected. An error in the way Perl's regular expression engine calculates the space required to process regular expressions could allow a local attacker to elevate privileges.
For the stable distribution (etch), this problem has been fixed in
version 5.8.8-7etch1.
For the old stable distribution (sarge), this problem has been fixed in
version 5.8.4-8sarge6.
For the unstable distribution (sid), this problem will be fixed soon.
Some architectures are missing from this DSA; these updates will be
released once they are available.
We recommend that you upgrade your perl package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6.dsc
Size/MD5 checksum: 1031 653d1eaa085e027d325a520653e9785c
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6.diff.gz
Size/MD5 checksum: 103931 b8c617d86f3baa2cd35bde936c0a76d5
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5 checksum: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent components:
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge6_all.deb
Size/MD5 checksum: 38810 ff950bde09387a4023efff595fcb7b80
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge6_all.deb
Size/MD5 checksum: 7049010 803d0a25ddd6d3a75769b39fd44c1b21
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge6_all.deb
Size/MD5 checksum: 2178698 8f6bbe7db6414444fd5dbfb7786e6b76
Alpha architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_alpha.deb
Size/MD5 checksum: 804866 47b0bbfc0d2544132ac23e7bbd6fd81f
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_alpha.deb
Size/MD5 checksum: 1008 dddcaa51b3b5b67c881b49a996e83944
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_alpha.deb
Size/MD5 checksum: 3902134 e2170d1b691a118df3a3277e6f4b0af9
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_alpha.deb
Size/MD5 checksum: 874688 bdb3fc1c1e0bed8bc37292f12ec9e803
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_alpha.deb
Size/MD5 checksum: 4132780 e2539f2b62fd1a394f5424a534e9a51d
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_alpha.deb
Size/MD5 checksum: 37086 dd82f2321b96bc531e16857848bece42
AMD64 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_amd64.deb
Size/MD5 checksum: 605148 b613969a68e576543f18f56b1956e78e
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_amd64.deb
Size/MD5 checksum: 1000 613477a3ba3f93013fa7a7776022d8e9
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_amd64.deb
Size/MD5 checksum: 3834172 7f354043d2e7bbee72c710982e4f9074
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_amd64.deb
Size/MD5 checksum: 791816 3541cf654fc59dd564c7af6642fae4df
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_amd64.deb
Size/MD5 checksum: 3935362 38fb00c40a25985bf22cfe9805543349
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_amd64.deb
Size/MD5 checksum: 32846 2f8cd32f087f60c61457f73f75fe3781
ARM architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb
Size/MD5 checksum: 613158 30cd5528198d49208274e50e60611b0a
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb
Size/MD5 checksum: 1026 fc64aa8b67f46fcccb6d85db7cb242ad
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb
Size/MD5 checksum: 3132808 226a69d4fa30d1e0a40f4d761826c230
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb
Size/MD5 checksum: 737524 b4aaf84bd60fef147d1131c5ffbc6a0a
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb
Size/MD5 checksum: 3719460 8e8d12058f9f7fb9e153d4c3ff79d0f4
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb
Size/MD5 checksum: 29880 faa9dc0401eb667e202e12f2d2cf9643
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_hppa.deb
Size/MD5 checksum: 654704 4efe04a8f2a81c81860148da029a88a8
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_hppa.deb
Size/MD5 checksum: 1006 5081a0e11c583460919427c5b0c99a0d
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_hppa.deb
Size/MD5 checksum: 3922234 a2b4f6549b23dd3a6c11ff97b6377d3d
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_hppa.deb
Size/MD5 checksum: 867856 0955f80a504eb620dbab22129fe96dd3
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_hppa.deb
Size/MD5 checksum: 3910388 59e8e003f4d65c3e42785226c90d5466
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_hppa.deb
Size/MD5 checksum: 34496 46aee518b3411566edf62ea822e0edfd
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_i386.deb
Size/MD5 checksum: 567034 2edc13b9a19f6291bb300bcc28b815bd
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_i386.deb
Size/MD5 checksum: 508698 9f275f4137b40e5cd465e3073527ad34
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_i386.deb
Size/MD5 checksum: 3239308 bd4934402fadbd7c6c6c00260a4ecb88
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_i386.deb
Size/MD5 checksum: 753218 4f70cd1586e664189be02a84247efe5d
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_i386.deb
Size/MD5 checksum: 3736626 8710f57842322a711abf6161f57e9bc1
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_i386.deb
Size/MD5 checksum: 31706 d4e08f75b79d3bb75b4bdea55d668b6f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_ia64.deb
Size/MD5 checksum: 866526 1f01d28dbc0d3fac81fbf120d048896a
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_ia64.deb
Size/MD5 checksum: 1000 07c5c9823c9ff29b96ce76c63e4dfd16
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_ia64.deb
Size/MD5 checksum: 4027978 0919c0c823170c46578a52df90f69cfc
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_ia64.deb
Size/MD5 checksum: 1046706 7f724a26677aa52c39182a5109bd3bf9
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_ia64.deb
Size/MD5 checksum: 4534722 9a16fed74de4e2e0c43b1135c15df9d3
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_ia64.deb
Size/MD5 checksum: 50106 e73b65a4b267ca99ba48ef64de4dfdc1
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb
Size/MD5 checksum: 457778 f25f1ebbbb4a5ce7b7a4a79c6256987e
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb
Size/MD5 checksum: 1040 9882ea5db94e569a35209a66c74bb390
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb
Size/MD5 checksum: 3815032 321dd2b80abad424b678f260d18f323a
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb
Size/MD5 checksum: 692196 733bfa10857d842bd907f408b03a8b3d
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb
Size/MD5 checksum: 3008672 81a0d0613ebe7b9affcd56174e1f955c
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb
Size/MD5 checksum: 27934 68de12bace4cf3de7a339b25119b1611
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb
Size/MD5 checksum: 657066 7e2c9980c630b3aa1e60348a4998665a
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb
Size/MD5 checksum: 1032 3da5c1e82b6194beac8fe7020a38d7a3
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb
Size/MD5 checksum: 3384320 edfa53822abb7626b2bfd6ac4d5923df
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb
Size/MD5 checksum: 781078 f4a7b2e1bbd95c9381503b382d35ba58
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb
Size/MD5 checksum: 4017490 ddca3a084b7c9f1b841bd3f93e39a1d0
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb
Size/MD5 checksum: 32314 51f707f1c1d3df1c3ad05dc545512c10
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_mipsel.deb
Size/MD5 checksum: 653134 bbb4600b3f9f2512fe9a9233bd06370e
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_mipsel.deb
Size/MD5 checksum: 1008 42770abda5e92de95a180097e8588304
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_mipsel.deb
Size/MD5 checksum: 3125468 db2214e0762dab59ebe7237fbe8d80b2
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_mipsel.deb
Size/MD5 checksum: 781866 c3b6aa7d16d60fc0a083601801d57cdd
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_mipsel.deb
Size/MD5 checksum: 3967958 2d941edd8a70f1461f4bc7ec9b97a396
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_mipsel.deb
Size/MD5 checksum: 32426 c16e24f77488ab690b9c73d33e9fd7be
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_powerpc.deb
Size/MD5 checksum: 624852 fc0e31770a095b3180e8d29daac7ccc7
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_powerpc.deb
Size/MD5 checksum: 988 5668a4e4abcab40b924c2855c4c34f62
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_powerpc.deb
Size/MD5 checksum: 3509282 9e72e0a6a0d0108d701e9071e0ed4c3b
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_powerpc.deb
Size/MD5 checksum: 790186 fa6005f52c5a101e053dc24e5247f025
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_powerpc.deb
Size/MD5 checksum: 3700840 fe73cfba8f036b63839141d4a0564d49
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_powerpc.deb
Size/MD5 checksum: 33564 e6d5ea2116ea4f5332c1ce887aa9b727
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_s390.deb
Size/MD5 checksum: 604302 92d8311292f70764bafc0b015818d39d
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_s390.deb
Size/MD5 checksum: 996 8870e77ca4719c8cc1c67f6ac15ee36c
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_s390.deb
Size/MD5 checksum: 3819836 84eed51f2f162825d3bda29af8ddb203
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_s390.deb
Size/MD5 checksum: 800590 ee302b41b1d011e089cb43db508415ef
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_s390.deb
Size/MD5 checksum: 4235554 367b0ca68cd88842507c781cbb0e1f84
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_s390.deb
Size/MD5 checksum: 33240 54ef9ae270587bb4c88f0e2b25d73347
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_sparc.deb
Size/MD5 checksum: 582166 027797bd12344393503ebae3344dfd43
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_sparc.deb
Size/MD5 checksum: 1006 4183b345e38cd2dcbca8c24cf3d02918
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_sparc.deb
Size/MD5 checksum: 3547444 716f93769b9aa9c442044f9fe96c77c7
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_sparc.deb
Size/MD5 checksum: 775850 6ef7c40ecdd6e08dbb37d0c02f8c89a2
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_sparc.deb
Size/MD5 checksum: 3840628 e665c9ff077083f5719b7574e24fae05
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_sparc.deb
Size/MD5 checksum: 31038 64fcafc906130c016eb45f2394c5b4a8
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1.dsc
Size/MD5 checksum: 1033 92799d6842afb4c5a9cbf483591b2c36
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1.diff.gz
Size/MD5 checksum: 93005 caec226784d13b4108af359206f4dfe9
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7
Architecture independent components:
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch1_all.deb
Size/MD5 checksum: 40906 ac1a3065102a3bb7920a976833f1d3cc
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch1_all.deb
Size/MD5 checksum: 7348690 c36b83c80b2c35515f3e6dec6451fda1
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch1_all.deb
Size/MD5 checksum: 2313532 915e64aecc9e15678125def5267ea809
Alpha architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_alpha.deb
Size/MD5 checksum: 821314 682e53e9c6736c48e31ea26e8697c870
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_alpha.deb
Size/MD5 checksum: 1016 252a644a15275db90c1a9273e6f3b854
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_alpha.deb
Size/MD5 checksum: 4135606 4925efac08f96859a7c8b47b886e0533
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_alpha.deb
Size/MD5 checksum: 877900 03dce75ac1f4c9765a24f6f25ba01251
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_alpha.deb
Size/MD5 checksum: 2928420 1a9ab7809416b7cfc068180646414576
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_alpha.deb
Size/MD5 checksum: 36248 927d991a17103561f701fb56d512279d
AMD64 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_amd64.deb
Size/MD5 checksum: 630480 cdfbd258b8ee105250f389c3adfdc16e
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_amd64.deb
Size/MD5 checksum: 1010 101f7c5357740b63a670ae874a3a498a
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_amd64.deb
Size/MD5 checksum: 4238220 a2a9c0db784cc91e249f23e5564207bd
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_amd64.deb
Size/MD5 checksum: 808804 469c3fd8e358d917225dd49f987bbf8d
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_amd64.deb
Size/MD5 checksum: 2734912 d34da61c02d263e230b55f911d2dc748
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_amd64.deb
Size/MD5 checksum: 32798 afac9013d139c7ab1276f50cc35f4512
ARM architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_arm.deb
Size/MD5 checksum: 561934 9739f475931e29fb26e23873df727e04
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_arm.deb
Size/MD5 checksum: 1018 77926e3d601fe1ed9bd75ef5a854d4e4
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_arm.deb
Size/MD5 checksum: 3412144 73c5f41073926ea641d06032b0c5d228
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_arm.deb
Size/MD5 checksum: 760246 574a68af0f13bc1a80d97c0eaa9ca4fc
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_arm.deb
Size/MD5 checksum: 2545942 7fb21c951bfd70b24e9b63a4025059f4
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_arm.deb
Size/MD5 checksum: 30358 ed5a223824e775a2e37b8e492e25abcb
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_hppa.deb
Size/MD5 checksum: 693944 441ce7894fc9d46c3a285b8681097a24
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_hppa.deb
Size/MD5 checksum: 1014 068b7030ce2e74328a567f560690e208
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_hppa.deb
Size/MD5 checksum: 4192184 916514f48c2d5ab511aac0c9d878d133
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_hppa.deb
Size/MD5 checksum: 868288 7eb4c3e38c25285bc6a0ab6dc5a1d770
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_hppa.deb
Size/MD5 checksum: 2735540 ff004f914a26621775d0247834e78cae
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_hppa.deb
Size/MD5 checksum: 33210 c035eeb23dc4a1e04444065ae75f7b24
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_i386.deb
Size/MD5 checksum: 585382 a27a344126f78b50c6874887ba8a7dec
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_i386.deb
Size/MD5 checksum: 526956 2ae05903f4a08189e5319c4ca869828a
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_i386.deb
Size/MD5 checksum: 3578468 e6a886c21a58d96083d0385ef602df75
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_i386.deb
Size/MD5 checksum: 762180 e7d2c75b547db6c71e77395461c62e82
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_i386.deb
Size/MD5 checksum: 2491880 f01678cc32a118929a22ee765ccd4768
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_i386.deb
Size/MD5 checksum: 32094 56c5c6dded2172596d6bbea68d94068e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_ia64.deb
Size/MD5 checksum: 977484 94fd1bb72f48559786abedc8b0ea6107
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_ia64.deb
Size/MD5 checksum: 1006 9272b8f38e0b68c7143401bbe0dd10b3
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_ia64.deb
Size/MD5 checksum: 4335608 4caae66d357b7c8f6a9d3b6ec1b98ac1
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_ia64.deb
Size/MD5 checksum: 1153272 e61d597589339745c714ada2fa54d397
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_ia64.deb
Size/MD5 checksum: 3364174 d31a368b96392b89af59fbb529c81d20
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_ia64.deb
Size/MD5 checksum: 51270 84b6fde3b7ed1898b59267b994efb4ff
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_mipsel.deb
Size/MD5 checksum: 687114 8973b906567dd752c73039a89dcb14ee
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_mipsel.deb
Size/MD5 checksum: 1012 47029166d1e495ad05a251d4946fbdc2
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_mipsel.deb
Size/MD5 checksum: 3413386 5ff0e279c6934b01d4bf163a5b171584
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_mipsel.deb
Size/MD5 checksum: 784352 dece00126cd1cf8c07ec673bd8043e6d
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_mipsel.deb
Size/MD5 checksum: 2729528 194373b4343008cc33b345744b7935fa
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_mipsel.deb
Size/MD5 checksum: 32336 98092e70a5ea30153ec32f1d87cde1e4
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_powerpc.deb
Size/MD5 checksum: 653158 7b39e1fb1a940e19ebe4e9df9f6c1abb
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_powerpc.deb
Size/MD5 checksum: 1010 4f68cd00058bfe50e5353cc2f1027e30
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_powerpc.deb
Size/MD5 checksum: 3824518 514b283d68bdb8ab5f8211b86fba6dd7
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_powerpc.deb
Size/MD5 checksum: 810514 54511356fc749a7518d6339d4832ab3e
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_powerpc.deb
Size/MD5 checksum: 2709230 f62606ee2641c529eed8d6f2aff8489e
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_powerpc.deb
Size/MD5 checksum: 32902 de438d275e8c95f5dba5096386f3bdbd
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_sparc.deb
Size/MD5 checksum: 594254 32f78d47a9fdb90ac99363642330cea5
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_sparc.deb
Size/MD5 checksum: 1012 b4cdde1e439f59c484701a503271f3ba
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_sparc.deb
Size/MD5 checksum: 3796708 d85383c57b38d1da74f5d4fed6e33c02
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_sparc.deb
Size/MD5 checksum: 783042 675e8693a697b670936108a3baeded7f
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_sparc.deb
Size/MD5 checksum: 2565704 7419d49d4b7ac54b849d432177a3ff36
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_sparc.deb
Size/MD5 checksum: 31072 40d9e6abb0fd11019912c4877c8bf3ac
These files will probably be moved into the stable distribution on
its next update.
References:
[0] http://www.perl.com/
____________________________________________________________________________
Primary Package Name: perl
Primary Package Home: http://openpkg.org/go/package/perl
Corrected Distribution: Corrected Branch: Corrected Package:
OpenPKG Community CURRENT perl-5.8.8-20071108
____________________________________________________________________________
For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities
Date: December 12, 2014
Bugs: #196865, #335508, #483632, #508322
ID: 201412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in AMD64 x86 emulation base
libraries, the worst of which may allow remote execution of arbitrary
code.
Background
==========
AMD64 x86 emulation base libraries provides pre-compiled 32-bit
libraries.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/emul-linux-x86-baselibs
< 20140406-r1 >= 20140406-r1
Description
===========
Multiple vulnerabilities have been discovered in AMD64 x86 emulation
base libraries. Please review the CVE identifiers referenced below for
details.
Impact
======
A context-dependent attacker may be able to execute arbitrary code,
cause a Denial of Service condition, or obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All users of the AMD64 x86 emulation base libraries should upgrade to
the latest version:
# emerge --sync
# emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"
NOTE: One or more of the issues described in this advisory have been
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no
longer affected by them.
References
==========
[ 1 ] CVE-2007-0720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720
[ 2 ] CVE-2007-1536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536
[ 3 ] CVE-2007-2026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026
[ 4 ] CVE-2007-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445
[ 5 ] CVE-2007-2741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741
[ 6 ] CVE-2007-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108
[ 7 ] CVE-2007-4995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995
[ 8 ] CVE-2007-5116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116
[ 9 ] CVE-2007-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135
[ 10 ] CVE-2007-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266
[ 11 ] CVE-2007-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268
[ 12 ] CVE-2007-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269
[ 13 ] CVE-2007-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849
[ 14 ] CVE-2010-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 15 ] CVE-2013-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338
[ 16 ] CVE-2013-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339
[ 17 ] CVE-2013-1664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664
[ 18 ] CVE-2013-1969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969
[ 19 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 20 ] CVE-2014-0160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0001
Synopsis: Moderate OpenPegasus PAM Authentication Buffer
Overflow and updated service console packages
Issue date: 2008-01-07
Updated on: 2008-01-07
CVE numbers: CVE-2007-5360 CVE-2007-5398 CVE-2007-4572
CVE-2007-5191 CVE-2007-5116 CVE-2007-3108
CVE-2007-5135
- -------------------------------------------------------------------
1. Summary:
Updated service console patches
2. Relevant releases:
ESX Server 3.0.2 without patches ESX-1002969, ESX-1002970, ESX-1002971,
ESX-1002975, ESX-1002976
ESX Server 3.0.1 without patches ESX-1002962, ESX-1002963, ESX-1002964,
ESX-1002968, ESX-1002972, ESX-1003176
3. Problem description:
I OpenPegasus PAM Authentication Buffer Overflow
Alexander Sotirov from VMware Security Research discovered a
buffer overflow vulnerability in the OpenPegasus Management server.
This flaw could be exploited by a malicious remote user on the
service console network to gain root access to the service console.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5360 to this issue.
RPM Updated: pegasus-2.5-552927
VM Shutdown: No
Host Reboot: No
Note: ESX Server 3.5 and ESX Server 3i are not affected by this
issue.
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002970.tgz
md5sum: d19115e965d486e72100ce489efea707
http://kb.vmware.com/kb/1002970
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1003176.tgz
md5sum: 5674ca0dcfac90726014cc316444996e
http://kb.vmware.com/kb/1003176
ESX Server 2.5.x
Users should remove the OpenPegasus CIM Management rpm. This
component is disabled by default, and VMware recommends that you
do not use this component of ESX Server 2.x. If you want to
use the CIM functionality, upgrade to ESX Server 3.0.1 or a later
release.
Note: This vulnerability can be exploited remotely only if the
attacker has access to the service console network.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
II Service Console package security updates
a. Updated Samba package
An issue where attackers on the service console management
network can cause a stack-based buffer overflow in the
reply_netbios_packet function of nmbd in Samba. On systems
where Samba is being used as a WINS server, exploiting this
vulnerability can allow remote attackers to execute arbitrary
code via crafted WINS Name Registration requests followed by a
WINS Name Query request.
An issue where attackers on the service console management
network can exploit a vulnerability that occurs when Samba is
configured as a Primary or Backup Domain controller. The
vulnerability allows remote attackers to have an unknown impact
via crafted GETDC mailslot requests, related to handling of
GETDC logon server requests.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5398 and CVE-2007-4572 to these
issues.
Note: By default Samba is not configured as a WINS server or a domain
controller and ESX is not vulnerable unless the administrator
has changed the default configuration.
This vulnerability can be exploited remotely only if the
attacker has access to the service console network.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
RPM Updated:
samba-3.0.9-1.3E.14.1vmw
samba-client-3.0.9-1.3E.14.1vmw
samba-common-3.0.9-1.3E.14.1vmw
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.5.0 is not affected by this issue
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002975.tgz
md5sum: 797a7494c2c4eb49629d3f94818df5dd
http://kb.vmware.com/kb/1002975
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002968.tgz
md5sum: 5106d90afaf77c3a0d8433487f937d06
http://kb.vmware.com/kb/1002968
ESX Server 2.5.5 download Upgrade Patch 3
ESX Server 2.5.4 download Upgrade Patch 14
b. Updated util-linux package
The patch addresses an issue where the mount and umount
utilities in util-linux call the setuid and setgid functions in
the wrong order and do not check the return values, which could
allow attackers to gain elevated privileges via helper
application such as mount.nfs.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5191 to this issue.
RPM Updated:
util-linux-2.11y-31.24vmw
losetup-2.11y-31.24vmw
mount -2.11y-31.24vmw
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002976.tgz
md5sum: 0fe833c50c0ecb0ff9340d6674be2e43
http://kb.vmware.com/kb/1002976
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002972.tgz
md5sum: 59ca4a43f330c5f0b7a55693aa952cdc
http://kb.vmware.com/kb/1002972
c.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5116 to this issue.
RPM Updated:
perl-5.8.0-97.EL3
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002971.tgz
md5sum: 337b09d9ae4b1694a045e216b69765e1
http://kb.vmware.com/kb/1002971
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002964.tgz
md5sum: d47e26104bfd5e4018ae645638c94487
http://kb.vmware.com/kb/1002964
d. Updated OpenSSL package
A flaw in the SSL_get_shared_ciphers() function can allow an
attacker to cause a buffer overflow problem by sending ciphers
to applications that use the function.
A possible vulnerability that would allow a local attacker to
obtain private RSA keys being used on a system using the OpenSSL
package.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3108, and CVE-2007-5135 to these
issues.
RPM Updated:
openssl-0.9.7a-33.24
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002969.tgz
md5sum: 72fd28a9f9380158db149259fbdcaa3b
http://kb.vmware.com/kb/1002969
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002962.tgz
md5sum: a0727bdc2e1a6f00d5fe77430a6ee9d6
http://kb.vmware.com/kb/1002962
ESX Server 2.5.5 download Upgrade Patch 3
ESX Server 2.5.4 download Upgrade Patch 14
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
ESX Server 3.x Patches:
http://www.vmware.com/download/vi/vi3_patches.html
ESX Server 2.x Patches:
http://www.vmware.com/download/esx/esx2_patches.html
ESX Server 2.5.5 Upgrade Patch 3
http://download3.vmware.com/software/esx/esx-2.5.5-65742-upgrade.tar.gz
md5sum: 9068250fdd604e8787ef40995a4638f9
http://www.vmware.com/support/esx25/doc/esx-255-200712-patch.html
ESX Server 2.5.4 Upgrade Patch 14
http://download3.vmware.com/software/esx/esx-2.5.4-65752-upgrade.tar.gz
md5sum: 24990b9207f882ccc91545b6fc90273d
http://www.vmware.com/support/esx25/doc/esx-254-200712-patch.html
5. References:
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce@lists.vmware.com
* bugtraq@securityfocus.com
* full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHgtXJS2KysvBH1xkRCPnYAJoDMpdOmgs4e+JQ610SCjnKF99wpgCfcVO3
UCcAvs574f1LCZv+8lPQvrk=
=Hzno
-----END PGP SIGNATURE-----
.
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
7dee97092269465ccb5de0f35321ab13 2007.0/i586/perl-5.8.8-7.1mdv2007.0.i586.rpm
efd626e1f1efd248e6c6570e88a599c3 2007.0/i586/perl-base-5.8.8-7.1mdv2007.0.i586.rpm
62b10d28a5abc05d3b8cd35c7f68e8aa 2007.0/i586/perl-devel-5.8.8-7.1mdv2007.0.i586.rpm
3a9dc19143ab6a27713fdeb6665d8d76 2007.0/i586/perl-doc-5.8.8-7.1mdv2007.0.i586.rpm
60b511580ae4f514434dd111efa42872 2007.0/i586/perl-suid-5.8.8-7.1mdv2007.0.i586.rpm
08e44392992b4ab983bf85debb8be462 2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
be33f079454aec3b88f21716dfacf8d6 2007.0/x86_64/perl-5.8.8-7.1mdv2007.0.x86_64.rpm
5a82850218434119c3f55047b3068213 2007.0/x86_64/perl-base-5.8.8-7.1mdv2007.0.x86_64.rpm
4f995ed4fa46f2bf79a427d9341e895b 2007.0/x86_64/perl-devel-5.8.8-7.1mdv2007.0.x86_64.rpm
e949a7e20661c6c5f4c4511f25196ff6 2007.0/x86_64/perl-doc-5.8.8-7.1mdv2007.0.x86_64.rpm
a3df44cc0b957b02bfcab3eed98542dd 2007.0/x86_64/perl-suid-5.8.8-7.1mdv2007.0.x86_64.rpm
08e44392992b4ab983bf85debb8be462 2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
efb800025ab3001b90af0e16e5a49886 2007.1/i586/perl-5.8.8-10.1mdv2007.1.i586.rpm
515beec177dd5a0418090016ae357274 2007.1/i586/perl-base-5.8.8-10.1mdv2007.1.i586.rpm
ae79195a6f27e44fd4ff7899497cf948 2007.1/i586/perl-devel-5.8.8-10.1mdv2007.1.i586.rpm
f721306e820d4c66db3466917cde67f9 2007.1/i586/perl-doc-5.8.8-10.1mdv2007.1.i586.rpm
85a219e5b2c3788841024be8d81b2cac 2007.1/i586/perl-suid-5.8.8-10.1mdv2007.1.i586.rpm
9b22a92ec4a3dc898a12bbb80ada4de2 2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
1a17302f843293a5dc0063fe3e4549c0 2007.1/x86_64/perl-5.8.8-10.1mdv2007.1.x86_64.rpm
c85ba481d517ec81c54eea5bc7064405 2007.1/x86_64/perl-base-5.8.8-10.1mdv2007.1.x86_64.rpm
5d3b84a1444339a83058bc3493506d22 2007.1/x86_64/perl-devel-5.8.8-10.1mdv2007.1.x86_64.rpm
005d395a8717bd5af248820eb01cc1d8 2007.1/x86_64/perl-doc-5.8.8-10.1mdv2007.1.x86_64.rpm
f6c966ea032f921f033934d1f894b96b 2007.1/x86_64/perl-suid-5.8.8-10.1mdv2007.1.x86_64.rpm
9b22a92ec4a3dc898a12bbb80ada4de2 2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
6e84010549818c839e91034391b79f4f 2008.0/i586/perl-5.8.8-12.1mdv2008.0.i586.rpm
f09541f2caf348aee64161cecdf7276e 2008.0/i586/perl-base-5.8.8-12.1mdv2008.0.i586.rpm
dce7ae7aba1d356fd366075b67478493 2008.0/i586/perl-devel-5.8.8-12.1mdv2008.0.i586.rpm
b3169afea74fd707021d03410172b6c0 2008.0/i586/perl-doc-5.8.8-12.1mdv2008.0.i586.rpm
78585fde0ad5b02f3e7c0f01d31a1ccf 2008.0/i586/perl-suid-5.8.8-12.1mdv2008.0.i586.rpm
584ad050342c7136e161fc48d29398bf 2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
6ee9071cb1b0a6f38e731b1cd9a421e7 2008.0/x86_64/perl-5.8.8-12.1mdv2008.0.x86_64.rpm
d7bd85fb101d94bf1dc84bcf817533d7 2008.0/x86_64/perl-base-5.8.8-12.1mdv2008.0.x86_64.rpm
031487e27d7f2a12003efe8ab714a096 2008.0/x86_64/perl-devel-5.8.8-12.1mdv2008.0.x86_64.rpm
3c1846b134cbd1461ffd291a95f6e2d2 2008.0/x86_64/perl-doc-5.8.8-12.1mdv2008.0.x86_64.rpm
99f545fefe35f45b5d90d2f98fe14da5 2008.0/x86_64/perl-suid-5.8.8-12.1mdv2008.0.x86_64.rpm
584ad050342c7136e161fc48d29398bf 2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm
Corporate 3.0:
9388a0766403e1accc6afc3d963960ba corporate/3.0/i586/perl-5.8.3-5.6.C30mdk.i586.rpm
a67623fb7d2e4e18ca8976c64e43a4ca corporate/3.0/i586/perl-base-5.8.3-5.6.C30mdk.i586.rpm
9068ad50c3e10c29940bb071651a8d4d corporate/3.0/i586/perl-devel-5.8.3-5.6.C30mdk.i586.rpm
a8a2e1b1963c212e4644c320f27c71d3 corporate/3.0/i586/perl-doc-5.8.3-5.6.C30mdk.i586.rpm
15b73b73ea6dd0de1100e1445690c034 corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm
Corporate 3.0/X86_64:
f2f7445b49d5d7afa7b3766d71bdf65f corporate/3.0/x86_64/perl-5.8.3-5.6.C30mdk.x86_64.rpm
ef5dabb99fdbe28068089eba1fd8bcc4 corporate/3.0/x86_64/perl-base-5.8.3-5.6.C30mdk.x86_64.rpm
4a5a04a330db20f460229aa69ded5e95 corporate/3.0/x86_64/perl-devel-5.8.3-5.6.C30mdk.x86_64.rpm
2bc06d931706f57fa946822f9396ffd6 corporate/3.0/x86_64/perl-doc-5.8.3-5.6.C30mdk.x86_64.rpm
15b73b73ea6dd0de1100e1445690c034 corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm
Corporate 4.0:
e158109794ad5e71bc02f41adec150e1 corporate/4.0/i586/perl-5.8.7-3.3.20060mlcs4.i586.rpm
03c680726cf01c3d8f25cb7d61d7bb10 corporate/4.0/i586/perl-base-5.8.7-3.3.20060mlcs4.i586.rpm
51f55a3998dbcf2e9abcf821ffb3026f corporate/4.0/i586/perl-devel-5.8.7-3.3.20060mlcs4.i586.rpm
f936e8720be0d37223b8a97dc2ed2704 corporate/4.0/i586/perl-doc-5.8.7-3.3.20060mlcs4.i586.rpm
b4068ddb2d92f4845c29a6b3ca8feef5 corporate/4.0/i586/perl-suid-5.8.7-3.3.20060mlcs4.i586.rpm
3b23f4612d0a011d50c5eb6960ffa5c4 corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
c42250a8c42a0e349102ff977c6659cc corporate/4.0/x86_64/perl-5.8.7-3.3.20060mlcs4.x86_64.rpm
82d2bcbda0229415464c10471f881517 corporate/4.0/x86_64/perl-base-5.8.7-3.3.20060mlcs4.x86_64.rpm
7f07eddd92d4c49b3ee5c32c69d52996 corporate/4.0/x86_64/perl-devel-5.8.7-3.3.20060mlcs4.x86_64.rpm
140b57c79fc305a52e13ce5550e7d05c corporate/4.0/x86_64/perl-doc-5.8.7-3.3.20060mlcs4.x86_64.rpm
ec3007ca202716e0c3872c37141fc2cc corporate/4.0/x86_64/perl-suid-5.8.7-3.3.20060mlcs4.x86_64.rpm
3b23f4612d0a011d50c5eb6960ffa5c4 corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
8ea5d389e9ddd9ca2e1b78869ad14ca7 mnf/2.0/i586/perl-5.8.3-5.6.M20mdk.i586.rpm
f53bd974980010568e5153578d628323 mnf/2.0/i586/perl-base-5.8.3-5.6.M20mdk.i586.rpm
1335c295512b38ea524e201c66551132 mnf/2.0/i586/perl-devel-5.8.3-5.6.M20mdk.i586.rpm
8e306b59ecbb8583d5c1e4e74ef62e34 mnf/2.0/i586/perl-doc-5.8.3-5.6.M20mdk.i586.rpm
7576ea8ec817978b4602f5bf4c3436c5 mnf/2.0/SRPMS/perl-5.8.3-5.6.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHL9FBmqjQ0CJFipgRAhxaAJ44oWRrf/Q1Zj9q+HP4Y3pj9Y8XugCg398H
Rl9c0TwvCe/HjAyI42+NhlU=
=o1R+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
Background
==========
Perl is a stable, cross-platform programming language created by Larry
Wall. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01362465
Version: 1
HPSBTU02311 SSRT080001 rev.1 - HP Tru64 UNIX running Perl, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-02-19
Last Updated: 2008-02-19
Potential Security Impact: Execution of Arbitrary Code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in Perl 5.8.7 and earlier running on HP Tru64 UNIX.
References: CVE-2007-5116
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Tru64 UNIX v 5.1B-4
HP Tru64 UNIX v 5.1B-3
Internet Express (IX) for HP Tru64 UNIX v 6.7
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score
CVE-2007-5116 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kits:
The Associated Products CD (APCD) associated with HP Tru64 UNIX v 5.1B-5
Internet Express (IX) for HP Tru64 UNIX v 6.8
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
The ERP kits distribute the following items:
Patched version of Perl v 5.8.8 including source code
HP Tru64 UNIX Version v5.1B-4
PREREQUISITE: HP Tru64 UNIX v5.1B-4 PK6 (BL27)
Name: perl_V51BB27-ES-20080207
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=perl_V51BB27-ES-20080207
HP Tru64 UNIX Version v5.1B-3
PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26)
Name: perl_V51BB26-ES-20080204
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001399-V51BB26-ES-20071207
Internet Express (IX) for HP Tru64 UNIX v 6.7
PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26) or HP Tru64 UNIX v5.1B-3 PK5 (BL26)
NOTE: Use the Perl patch kit appropriate to the operating system version
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Version:1 (rev.1) - 19 February 2008 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners