VARIoT IoT vulnerabilities database
| VAR-200606-0559 | CVE-2006-2924 | Ingate Firewall/SIParator SSL/TLS Handshake Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. Ingate Firewall and SIParator products are prone to a remote denial-of-service vulnerability.
This vulnerability is exploitable only if SSL/TLS has been enabled in the SIP module or in the webserver.
Versions of Ingate Firewall and SIParator prior to 4.4.1 are vulnerable to this issue.
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
----------------------------------------------------------------------
TITLE:
Ingate Firewall and SIParator Two Vulnerabilities
SECUNIA ADVISORY ID:
SA20479
VERIFY ADVISORY:
http://secunia.com/advisories/20479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, DoS
WHERE:
>From remote
OPERATING SYSTEM:
Ingate SIParator 4.x
http://secunia.com/product/5687/
Ingate Firewall 4.x
http://secunia.com/product/4050/
DESCRIPTION:
Two vulnerabilities have been reported in Ingate Firewall and
SIParator, which can be exploited by malicious people to conduct
cross-site scripting attacks and to cause a DoS (Denial of Service).
1) An error exists within the handling of SSL/TLS handshake in the
SIP module and in the web server. This can be exploited to cause the
modules to crash via a specially-crafted handshake.
Successful exploitation requires that SSL/TLS is enabled.
2) Input passed to unspecified parameters in the web interface isn't
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in an
administrator's browser session in context of the web interface.
SOLUTION:
Update to version 4.4.1.
http://www.ingate.com/upgrades.php
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.ingate.com/relnote-441.php
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200606-0464 | CVE-2006-2900 | Mozilla Firefox allows cross-domain iframe access via JavaScript |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system.
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
SOLUTION:
Disable Active Scripting support.
Do not enter suspicious text when visiting untrusted web sites.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26095
VERIFY ADVISORY:
http://secunia.com/advisories/26095/
CRITICAL:
Highly critical
IMPACT:
Cross Site Scripting, Spoofing, DoS, System access
WHERE:
>From remote
SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to conduct spoofing and cross-site
scripting attacks and potentially to compromise a user's system.
1) Various errors in the browser engine can be exploited to cause
memory corruption and potentially to execute arbitrary code.
2) Various errors in the Javascript engine can be exploited to cause
memory corruption and potentially to execute arbitrary code.
3) An error in the "addEventListener" and "setTimeout" methods can be
exploited to inject script into another site's context, circumventing
the browser's same-origin policy.
4) An error in the cross-domain handling can be exploited to inject
arbitrary HTML and script code in a sub-frame of another web site.
This is related to vulnerability #5 in:
SA21906
5) An unspecified error in the handling of elements outside of
documents allows an attacker to call an event handler and execute
arbitrary code with chrome privileges.
6) An unspecified error in the handling of "XPCNativeWrapper" can
lead to execution of user-supplied code.
SOLUTION:
Update to version 2.0.0.5.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron,
Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats
Palmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy.
2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov.
3, 5) The vendor credits moz_bug_r_a4
4) Ronen Zilberman and Michal Zalewski
6) The vendor credits shutdown and moz_bug_r_a4.
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
OTHER REFERENCES:
SA21906:
http://secunia.com/advisories/21906/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
The vulnerability is caused due to an error within the handling of
"about:blank" pages loaded by chrome in an addon. This can be
exploited to execute script code under chrome privileges by e.g.
clicking on a link opened in an "about:blank" window created and
populated in a certain ways by an addon.
Successful exploitation requires that certain addons are installed.
http://www.mozilla.com/en-US/firefox/
Thunderbird:
Fixed in the upcoming version 2.0.0.6.
http://www.mozilla.com/en-US/thunderbird/
SeaMonkey:
Fixed in the upcoming version 1.1.4.
For more information:
SA26201
PROVIDED AND/OR DISCOVERED BY:
moz_bug_r_a4
CHANGELOG:
2007-07-31: Updated "Description". Added link to vendor advisory. "mailto", "news", "nntp", "snews", "telnet"). using
Firefox visits a malicious website with a specially crafted "mailto"
URI containing a "%" character and ends in a certain extension (e.g.
The vulnerability is confirmed on a fully patched Windows XP SP2 and
Windows Server 2003 SP2 system using Firefox version 2.0.0.5 and
Netscape Navigator version 9.0b2. Other versions and browsers may
also be affected.
SOLUTION:
Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY:
Vulnerability discovered by:
* Billy (BK) Rios
Firefox not escaping quotes originally discussed by:
* Jesper Johansson
Additional research by Secunia Research.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-297B
Adobe Updates for Microsoft Windows URI Vulnerability
Original release date: October 24, 2007
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows XP and Windows Server 2003 systems with Internet
Explorer 7 and any of the following Adobe products:
* Adobe Reader 8.1 and earlier
* Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
* Adobe Reader 7.0.9 and earlier
* Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and
earlier
Overview
Adobe has released updates for the Adobe Reader and Adobe Acrobat
product families. The update addresses a URI handling vulnerability in
Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.
I. Description
Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server
2003 changes the way Windows handles Uniform Resource Identifiers
(URIs). This change has introduced a flaw that can cause Windows to
incorrectly determine the appropriate handler for the protocol
specified in a URI. More information about this vulnerability is available in
US-CERT Vulnerability Note VU#403150.
Public reports indicate that this vulnerability is being actively
exploited with malicious PDF files. Adobe has released Adobe Reader
8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.
II.
III. Solution
Apply an update
Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to
address this issue. These Adobe products handle URIs in a way that
mitigates the vulnerability in Microsoft Windows.
Disable the mailto: URI in Adobe Reader and Adobe Acrobat
If you are unable to install an updated version of the software, this
vulnerability can be mitigated by disabling the mailto: URI handler in
Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin
APSB07-18 for details.
Appendix A. Vendor Information
Adobe
For information about updating affected Adobe products, see Adobe
Security Bulletin APSB07-18.
Appendix B. References
* Adobe Security Bulletin APSB07-18 -
<http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
* Microsoft Security Advisory (943521) -
<http://www.microsoft.com/technet/security/advisory/943521.mspx>
* US-CERT Vulnerability Note VU#403150 -
<http://www.kb.cert.org/vuls/id/403150>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-297B Feedback VU#403150" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 24, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H
3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ
lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s
VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57
4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI
LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ==
=PgB9
-----END PGP SIGNATURE-----
| VAR-200606-0465 | CVE-2006-2901 | D-Link DWL-2100AP Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. D-Link DWL-2100ap is a popular wireless access point. Harm to remote attackers can use vulnerabilities to obtain sensitive information. Conditions Required for Attack An attacker must access D-Link DWL-2100AP. Vulnerability Information D-Link DWL-2100AP is a wireless router device. Test method http: //dlink-DWL-2100ap/cgi-bin/Intruders.cfg Vendor solutions can use the following third-party patches: http://www.dlinkbrasil.com.br/internet/downloads/Wireless/DWL-2100AP /DWL2100AP-firmware-v210na-r0343.tfp. D-Link DWL-2100AP devices are susceptible to a remote information-disclosure vulnerability. The devices fail to properly secure configuration information. This may aid them in further attacks.
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
----------------------------------------------------------------------
TITLE:
D-Link DWL-2100AP Exposure of Configuration Files
SECUNIA ADVISORY ID:
SA20474
VERIFY ADVISORY:
http://secunia.com/advisories/20474/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From local network
OPERATING SYSTEM:
D-Link DWL-2100AP
http://secunia.com/product/4116/
DESCRIPTION:
A security issue has been reported in D-Link DWL-2100AP, which can be
exploited by malicious people to disclose sensitive information.
The problem is caused due to configuration files being stored
insecurely inside the "cgi-bin" directory.
Example:
http://[host]/cgi-bin/[file].cfg
The security issue has been reported in firmware version 2.10na.
Other versions may also be affected.
SOLUTION:
Filter traffic to the web interface of an affected device.
PROVIDED AND/OR DISCOVERED BY:
Wendel Guglielmetti Henrique and Intruders Tiger Team Security.
ORIGINAL ADVISORY:
http://www.intruders.org.br/adv0206en.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200606-0512 | CVE-2006-2838 | F-Secure Anti-Virus and Internet Gatekeeper Vulnerable to buffer overflow |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. F-Secure Anti-Virus is prone to a denial-of-service vulnerability.
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
The vulnerability is caused due to an unspecified boundary error
within the web console prior to authentication and can be exploited
to cause a buffer overflow.
Successful exploitation crashes the web console process and may
potentially allow execution of arbitrary code. The
criticality of the vulnerability therefore depends on how the web
console has been configured to accept connections.
SOLUTION:
Update to a fixed version or apply hotfix.
-- F-Secure Anti-Virus for Microsoft Exchange --
Apply hotfix for version 6.40:
ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip
-- F-Secure Internet Gatekeeper --
Update to version 6.60 or apply hotfix (for version 6.50):
ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mikko Korppi.
ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2006-3.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200703-0528 | CVE-2007-1504 | Interstage Application Server cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability. As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor's website.An arbitrary script may be executed on the user's web browser. iNTERSTAGE Application Server Standard Edition is prone to a cross-site scripting vulnerability.
SOLUTION:
The vendor recommends setting error pages for both HTTP status codes
404 and 500 (see vendor advisory for details).
The vendor is reportedly working on patches.
PROVIDED AND/OR DISCOVERED BY:
Daiki Fukumori, Secure Sky Technology.
ORIGINAL ADVISORY:
Fujitsu:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html
http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200701.html
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-83832818.html
OTHER REFERENCES:
JVN:
http://jvn.jp/jp/JVN%2383832818/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200701-0295 | CVE-2007-0537 | KDE kdelibs Cross-site scripting vulnerability due to title tag |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. As a result, authentication information may be leaked. Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: KHTML: Cross-site scripting (XSS) vulnerability
Date: March 10, 2007
Bugs: #165606
ID: 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The KHTML component shipped with the KDE libraries is prone to a
cross-site scripting (XSS) vulnerability.
Background
==========
KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. KHTML is the HTML interpreter used in
Konqueror and other parts of KDE.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 kde-base/kdelibs < 3.5.5-r8 >= 3.5.5-r8
Description
===========
The KHTML code allows for the execution of JavaScript code located
inside the "Title" HTML element, a related issue to the Safari error
found by Jose Avila.
Impact
======
When viewing a HTML page that renders unsanitized attacker-supplied
input in the page title, Konqueror and other parts of KDE will execute
arbitrary JavaScript code contained in the page title, allowing for the
theft of browser session data or cookies.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All KDElibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8"
References
==========
[ 1 ] CVE-2007-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
[ 2 ] CVE-2007-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200703-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ===========================================================
Ubuntu Security Notice USN-420-1 February 06, 2007
kdelibs vulnerability
CVE-2007-0537
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
kdelibs4c2 4:3.4.3-0ubuntu2.2
Ubuntu 6.06 LTS:
kdelibs4c2a 4:3.5.2-0ubuntu18.2
Ubuntu 6.10:
kdelibs4c2a 4:3.5.5-0ubuntu3.1
After a standard system upgrade you need to restart your session to
effect the necessary changes. By
tricking a Konqueror user into visiting a malicious website, an attacker
could bypass cross-site scripting protections.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.diff.gz
Size/MD5: 330443 7bf67340aef75bbafe1bf0f517ad0677
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.dsc
Size/MD5: 1523 9a013d5dc8f7953036af99dd264f9811
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz
Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2.2_all.deb
Size/MD5: 6970448 a0a541bd78cb848da8aa97ac4b29d0fe
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2.2_all.deb
Size/MD5: 29298458 f04629ca27bafeaa897a86839fc6e645
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2_all.deb
Size/MD5: 30714 8ec392ba5ba0f78e9b12dd9d025019d6
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_amd64.deb
Size/MD5: 926668 3e7c767a9eeb80d0a85640d7dbfb53d7
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_amd64.deb
Size/MD5: 1309046 e73c5de672193ac0385a28dd3accf646
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_amd64.deb
Size/MD5: 22552842 287114119aee64a256f8fce295e9d034
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_amd64.deb
Size/MD5: 9109026 aa34fe2f02d9772ad8e25bb36e573505
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_i386.deb
Size/MD5: 814498 1eace86f58caf3f936c77e749a45ffc6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_i386.deb
Size/MD5: 1305652 0ce209d9c2c5ed846dbb1edc16fe5606
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_i386.deb
Size/MD5: 19410566 85751508b7f13b790cbda8d795930a72
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_i386.deb
Size/MD5: 8072650 9caf6a826bb790e309036555f40b9b8d
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_powerpc.deb
Size/MD5: 909782 0a1cbec28532ca006c7ddcb6990a6e65
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_powerpc.deb
Size/MD5: 1310430 f31f57e3c37f8c12e586cfa0084dc203
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_powerpc.deb
Size/MD5: 22763768 b1aba1f6b9ef2c454f2172d442302b49
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_powerpc.deb
Size/MD5: 8433768 18b2c898ed6d40844c19635d8b85e8a2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_sparc.deb
Size/MD5: 831058 158b90fe780e29e6618cf4b7f9f96bc8
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_sparc.deb
Size/MD5: 1307028 b1c14bf29a7622ac3844c68a652bf21c
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_sparc.deb
Size/MD5: 20031538 f2778deea8ef14eb9b3e90f5ed97ab50
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_sparc.deb
Size/MD5: 8241130 26c0145f1abb71b0a3ea5a89214df223
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.diff.gz
Size/MD5: 477706 5d236a3b69a4bae7b81d337e58a2c3fe
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.dsc
Size/MD5: 1609 0a27d1f21c1374d8abf8ea0dba0abf79
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2.orig.tar.gz
Size/MD5: 18775353 00c878d449522fb8aa2769a4c5ae1fde
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.2-0ubuntu18.2_all.deb
Size/MD5: 7083858 f74b97726f683b5eca3798bd8f7ae2a1
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.2-0ubuntu18.2_all.deb
Size/MD5: 41496444 87e2fc31c4dd95cd7d87aeee51dec330
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2_all.deb
Size/MD5: 35748 636e14773798c30ddf4c0a87b3d5cd39
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_amd64.deb
Size/MD5: 925624 1ba9b88fc6456c6dac97693532412fde
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_amd64.deb
Size/MD5: 26451886 2eaed22c02f68909ebe219629a774dc6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_amd64.deb
Size/MD5: 1355626 1458250a60303a07ad551ce343ae23ec
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_amd64.deb
Size/MD5: 9406898 7f952f591c7345216bfc0bb42277875d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_i386.deb
Size/MD5: 814970 cc6ae65176411013a8dea78a77151e25
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_i386.deb
Size/MD5: 22925204 60d4c71b837e82da16d2b1ad75cbf628
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_i386.deb
Size/MD5: 1352256 1ceee31122ff0fe680fbdbebbd6c8ced
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_i386.deb
Size/MD5: 8334452 427cd25652287fc52ba2bdbd028c2f33
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_powerpc.deb
Size/MD5: 905950 4b29acb4cc1a8fb52ff9bb7b3715b0d3
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_powerpc.deb
Size/MD5: 26718664 f92f6f62ab9b9bbd0da8cb649dbeb132
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_powerpc.deb
Size/MD5: 1356968 a6e62679f09dbafa54137204af905494
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_powerpc.deb
Size/MD5: 8689506 0b3b6f533712eb6a8143827d2b01b015
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_sparc.deb
Size/MD5: 827096 17f46503797d14c6be17c7fd890ac843
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_sparc.deb
Size/MD5: 23623320 36aefb75ec36a60d3308392842556130
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_sparc.deb
Size/MD5: 1353298 9627c92acea5abc671668d0b5ecfd744
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_sparc.deb
Size/MD5: 8491558 dd2fe11d276e78bb16bd42bc34452c20
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.diff.gz
Size/MD5: 734200 8d5db0d6c6070468a32841b75a9e0d83
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.dsc
Size/MD5: 1691 7a23f4f003e66e4a4fb90f620a0de347
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5.orig.tar.gz
Size/MD5: 18926397 65e455d5814142ee992097230ffe7e80
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1_all.deb
Size/MD5: 7210528 1e62a8249a44e98da5ba24c1eaa1d4f0
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1_all.deb
Size/MD5: 39981890 5469fd4b98d68f0e01ddb4bd5ba7d904
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1_all.deb
Size/MD5: 37742 2b1ebdb5648cbd390ecd1fa8d6b2d7e4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_amd64.deb
Size/MD5: 27050664 b7884e4a85307416811f755e2ed967aa
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_amd64.deb
Size/MD5: 1345432 c2cd5e2b9433e629ae366965b47c30c6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_amd64.deb
Size/MD5: 10401586 f02e2f09dfd27d09f2a00daaaa6a7969
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_i386.deb
Size/MD5: 26229446 ae021c2a0a95f237a934962a39e13821
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_i386.deb
Size/MD5: 1343076 5e46eaa9d38a6876671efd18ac052ef5
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_i386.deb
Size/MD5: 9555316 4573d9f461ff2a441a13ac744e8f27e5
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_powerpc.deb
Size/MD5: 28018226 74bc9b1b1e11817b33e3027213462fa0
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_powerpc.deb
Size/MD5: 1347170 df48d8bc10826c2805d607f4d52eb738
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_powerpc.deb
Size/MD5: 9782346 4d5986ecf7ace1bd5bf275d101f98e03
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_sparc.deb
Size/MD5: 25362410 e80c7336df062cac6690d745d91730fc
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_sparc.deb
Size/MD5: 1343134 cc62c0d393cacc36a552c304cee9b2a1
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_sparc.deb
Size/MD5: 9473018 dfff27cb2bcb323d51d4b16e11453d49
. Also affects kdelibs 3.5.6,
as per KDE official advisory.
Updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
290249d063eb99aa0267060e28bd3d63 2007.1/i586/kdelibs-common-3.5.6-11.1mdv2007.1.i586.rpm
0392bf166e2b95b8274f67e24066dc8a 2007.1/i586/kdelibs-devel-doc-3.5.6-11.1mdv2007.1.i586.rpm
06107eb81ff8b184812f7a8ae31b52b9 2007.1/i586/libkdecore4-3.5.6-11.1mdv2007.1.i586.rpm
ffb71260989867bcec7d7fae45b86b5a 2007.1/i586/libkdecore4-devel-3.5.6-11.1mdv2007.1.i586.rpm
2f2938b43f88a2a197e6cc90b35c63b8 2007.1/SRPMS/kdelibs-3.5.6-11.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
258cf38cce814a12a44c79c283de7c3d 2007.1/x86_64/kdelibs-common-3.5.6-11.1mdv2007.1.x86_64.rpm
70b9d63ac375ba65fb6c6b526dfe80f0 2007.1/x86_64/kdelibs-devel-doc-3.5.6-11.1mdv2007.1.x86_64.rpm
ee0681c70efd4cebb72a23b773d56f09 2007.1/x86_64/lib64kdecore4-3.5.6-11.1mdv2007.1.x86_64.rpm
664da181e64ab3f343b265cac6de0e87 2007.1/x86_64/lib64kdecore4-devel-3.5.6-11.1mdv2007.1.x86_64.rpm
2f2938b43f88a2a197e6cc90b35c63b8 2007.1/SRPMS/kdelibs-3.5.6-11.1mdv2007.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGvN99mqjQ0CJFipgRAkoiAJ9cYCEKSJXMFS0+C1kOsR82hamhUQCdHdlA
0d14cDmgZcJ1DxJi7dCNr3E=
=ix0J
-----END PGP SIGNATURE-----
| VAR-200701-0407 | CVE-2007-0478 | Safari Used in WebCore Vulnerable to cross-site scripting attacks |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
----------------------------------------------------------------------
Secunia is proud to announce the availability of the Secunia Software
Inspector.
Try it out online:
http://secunia.com/software_inspector/
----------------------------------------------------------------------
TITLE:
Safari HTML Parsing Weakness
SECUNIA ADVISORY ID:
SA23893
VERIFY ADVISORY:
http://secunia.com/advisories/23893/
CRITICAL:
Not critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
Safari 2.x
http://secunia.com/product/5289/
DESCRIPTION:
Jose Avila III has discovered a weakness in Safari, which can
potentially be exploited by malicious people to conduct cross-site
scripting attacks.
The weakness is caused due to an error in the parsing of comments
within certain tags of an HTML document. Arbitrary HTML and script
code in a comment tag is executed in a user's browser session when
preceded by the corresponding closing tag (e.g. the title tag).
Successful exploitation is possible on web sites that allow users to
insert unsanitised HTML and script code within a comment into such a
tag.
The weakness is confirmed in Safari 2.0.4. Other versions may also be
affected.
SOLUTION:
Do not browse untrusted sites. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: KHTML: Cross-site scripting (XSS) vulnerability
Date: March 10, 2007
Bugs: #165606
ID: 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The KHTML component shipped with the KDE libraries is prone to a
cross-site scripting (XSS) vulnerability.
Background
==========
KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. KHTML is the HTML interpreter used in
Konqueror and other parts of KDE.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 kde-base/kdelibs < 3.5.5-r8 >= 3.5.5-r8
Description
===========
The KHTML code allows for the execution of JavaScript code located
inside the "Title" HTML element, a related issue to the Safari error
found by Jose Avila.
Impact
======
When viewing a HTML page that renders unsanitized attacker-supplied
input in the page title, Konqueror and other parts of KDE will execute
arbitrary JavaScript code contained in the page title, allowing for the
theft of browser session data or cookies.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All KDElibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8"
References
==========
[ 1 ] CVE-2007-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
[ 2 ] CVE-2007-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200703-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
7882590402c82ff347205c176380153e 2007.0/i586/kdelibs-common-3.5.4-19.2mdv2007.0.i586.rpm
01c4eb64ef06a8a8759843be0c07a920 2007.0/i586/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.i586.rpm
e63e9a2d3a07d3f2cfa20e495a5b1010 2007.0/i586/libkdecore4-3.5.4-19.2mdv2007.0.i586.rpm
1ad276143d78de84b08606a815eecda9 2007.0/i586/libkdecore4-devel-3.5.4-19.2mdv2007.0.i586.rpm
34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
081d768881b4f012e75854738189327d 2007.0/x86_64/kdelibs-common-3.5.4-19.2mdv2007.0.x86_64.rpm
051e3625e87627e52c47590961523b51 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.x86_64.rpm
6a2b0171144925bd21073553816f33b1 2007.0/x86_64/lib64kdecore4-3.5.4-19.2mdv2007.0.x86_64.rpm
ae2202556fccf0bb820ed3e8401825ec 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.2mdv2007.0.x86_64.rpm
34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm
Corporate 3.0:
6afd1be3e42d77e131e44f9ed969c80e corporate/3.0/i586/kdelibs-common-3.2-36.17.C30mdk.i586.rpm
c00a10231de66159fecb2106e56ec1ca corporate/3.0/i586/libkdecore4-3.2-36.17.C30mdk.i586.rpm
733852a68f994ace4eb35017342443fb corporate/3.0/i586/libkdecore4-devel-3.2-36.17.C30mdk.i586.rpm
4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm
Corporate 3.0/X86_64:
418170a92387d41c49f3d32c91c97c9b corporate/3.0/x86_64/kdelibs-common-3.2-36.17.C30mdk.x86_64.rpm
590e047f677eb717c40a9e2fd77590e8 corporate/3.0/x86_64/lib64kdecore4-3.2-36.17.C30mdk.x86_64.rpm
ec04fe80ee4a983e1ad98f54d75681af corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.17.C30mdk.x86_64.rpm
4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm
Corporate 4.0:
2dc94e4e225b74d3f2e283b04c836273 corporate/4.0/i586/kdelibs-arts-3.5.4-2.3.20060mlcs4.i586.rpm
826d76e2f3d50f48513ed18c4360dd67 corporate/4.0/i586/kdelibs-common-3.5.4-2.3.20060mlcs4.i586.rpm
f7dad3711d9406d1123428f2c0cd9453 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.i586.rpm
88f0164705a9d71f21c3c4edfe7822b2 corporate/4.0/i586/libkdecore4-3.5.4-2.3.20060mlcs4.i586.rpm
e00f9222203a3c51a747a694e3ab32c7 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.3.20060mlcs4.i586.rpm
79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
88d9b2f945bd62aa89b5f7743320cc0a corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.3.20060mlcs4.x86_64.rpm
c1e462eaeb2127939d0d3775fb7a04a4 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.3.20060mlcs4.x86_64.rpm
a559376fde6f8513904010fc377293e7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.x86_64.rpm
d97e4c4dd9859b6e43f3399e3e2c5fa1 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.3.20060mlcs4.x86_64.rpm
f3e43bca041aeca542bba33a0bac1d43 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.3.20060mlcs4.x86_64.rpm
79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFw5r6mqjQ0CJFipgRAnJ4AJ9RqADSMDbkaQkcR9ZPi2ArjF9rtACgrhPc
7PYBsjk/ZTsogFdYFeWPWdc=
=r0d9
-----END PGP SIGNATURE-----
| VAR-200708-0459 | CVE-2007-3747 | CoreAudio To Java Vulnerability in arbitrary code execution in the interface |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0468 | CVE-2007-2410 | WebCore Vulnerable to cross-site scripting attacks |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0464 | CVE-2007-2406 | Quartz Composer Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0467 | CVE-2007-2409 | WebCore Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0465 | CVE-2007-2407 | Apple Mac OS X Running on Samba Server vulnerabilities that use more disk space than allocated |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0463 | CVE-2007-2405 | PDFKit of Preview Integer underflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0461 | CVE-2007-2403 | CFNetwork Any in FTP To server FTP Vulnerabilities triggered by sending commands |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0462 | CVE-2007-2404 | CFNetwork In CRLF Injection vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0460 | CVE-2007-3748 | iChat of UPnP IGD Implementation buffer overflow vulnerability |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0458 | CVE-2007-3746 | CoreAudio To Java Vulnerability in arbitrary code execution in the interface |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0457 | CVE-2007-3745 | CoreAudio To Java An arbitrary memory release vulnerability in the interface |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. A remote attacker could exploit this vulnerability to take control of a user's system by enticing the user to visit a malicious web page.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200708-0456 | CVE-2007-3744 | mDNSResponder of UPnP IGD Implementation heap-based buffer overflow vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. BACKGROUND
mDNSResponder is part of the Bonjour suite of applications. Bonjour is
used to provide automatic and transparent configuration of network
devices. It is similar to UPnP, in that the goal of both is to allow
users to simply plug devices into a network without worrying about
configuration details. mDNSResponder runs by default on both Server and
Workstation. More information can be found on the vendor's website.
http://developer.apple.com/opensource/internet/bonjour.html
II.
The vulnerability exists within the Legacy NAT Traversal code. Unlike
the core of the mDNSResponder service, this area of code does not rely
on Multicast UDP. It listens on a dynamically allocated Unicast UDP
port.
The vulnerability occurs when parsing a malformed HTTP request. This
results in an exploitable heap overflow.
III. No
authentication is needed to exploit this vulnerability.
Failed attempts will result in the service crashing. Shortly after
crashing, it will be restarted.
IV. Previous versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this issue.
VI. More information is available at the following URL.
http://docs.info.apple.com/article.html?artnum=306172
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3744 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
07/26/2007 Initial vendor notification
07/26/2007 Initial vendor response
08/07/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Neil Kettle (mu-b) of
www.digit-labs.org.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: mDNSResponder: Multiple vulnerabilities
Date: January 20, 2012
Bugs: #290822
ID: 201201-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in mDNSResponder, which could
lead to execution of arbitrary code with root privileges.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/mDNSResponder < 212.1 >= 212.1
Description
===========
Multiple vulnerabilities have been discovered in mDNSResponder. Please
review the CVE identifiers referenced below for details.
Resolution
==========
All mDNSResponder users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/mDNSResponder-212.1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 21, 2009. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2007-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2386
[ 2 ] CVE-2007-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3744
[ 3 ] CVE-2007-3828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3828
[ 4 ] CVE-2008-0989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0989
[ 5 ] CVE-2008-2326
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2326
[ 6 ] CVE-2008-3630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3630
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200606-0487 | CVE-2006-2761 | Hitachi Hitsenser3 Unknown SQL Injection Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Hitachi HITSENSER3 HITSENSER3 / PRP, HITSENSER3 / PUP, HITSENSER3 / STP, and HITSENSER3 / EUP have SQL injection vulnerabilities. HITSENSER3 is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Versions 01-02 through 01-08 are vulnerable to this issue.
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Successful exploitation allows bypassing of user authentication.
The vulnerability has been reported in versions 01-02 through 01-08
of the following products:
* HITSENSER3/PRP Model C-A7120-072
* HITSENSER3/PUP Model C-A7120-082
* HITSENSER3/STP Model C-A7120-092
* HITSENSER3/EUP Model C-A7120-102
SOLUTION:
Update to version 01-08-/A.
Users can contact Hitachi support service for the update.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------