Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-200712-0433 CVE-2007-5849 CUPS of SNMP Backend program for integer overflow vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. Apple Common Unix Printing System (CUPS) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is a vulnerability when CUPS processes SNMP requests containing malformed data, and remote attackers may exploit this vulnerability to control the server. There is a symbol error in the asn1_get_string() function in the backend/snmp.c file of CUPS. =========================================================== Ubuntu Security Notice USN-563-1 January 09, 2008 cupsys vulnerabilities CVE-2007-5849, CVE-2007-6358 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.6 Ubuntu 6.10: cupsys 1.2.4-2ubuntu3.2 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.2 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.diff.gz Size/MD5: 96854 c42f659f650a9c0d81bdb4f8ba7004bf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.dsc Size/MD5: 1049 01c4bd2466a668f82bc852b2658e3f24 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.6_all.deb Size/MD5: 996 b0b0b7b1a5b04ac737c6c1c506bf0a1d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 36242 0d64ba11e2e59e2f089fdb40efed1565 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 81910 3f9240a0ac855620f13662ecd48224d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 2285594 073223e345043bfa56f5d173393cbbfe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 6094 dcb63118059086cdf2fe9f66eab3c9ab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 75942 d4483bb658545cbedcafa65e9a6ee045 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 25746 39cf872611b0f62f54b38953374b1c01 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 128784 dbf0ce78d28f3a62d2ef67074a04facb i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 34776 16593bfabe944044a1c0c87fd006111b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 77984 67af7dd120fda3fabd5bf1bcde0ecaa0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 2253134 7d5f6f3d3343cf0f4873042947c3265f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 6096 2b68e82e024d376d649cd3b3c14cf378 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 75008 b9b5873df6f6e12ca694404e0ae1397a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 25742 3d4a30e76a7ab05dddc49967c5af6206 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 121008 75fa970f801c819ca2e37f42ccda165a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 40466 e078800e5e94fa64a451cdbb8414acc3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 89536 b9a20806c2b91bd7370686ea3b8588da http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 2300252 9252b6866259c84e63ee4dba67083ed8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 6096 4d677d45da127c45c81ce3889a9256a7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 77702 2e05e968244b734744f1fce8ebfafb33 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 25752 9f7ba4ffc1c72e78047d983554e32512 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 126772 8246a4b5933201f0f247f30ab5a97944 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 35396 9193306b04ba1d9bcf0d22225cc839e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 78730 bce8c7563b87f3327a134c451364ce21 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 2286800 833891fe2b553542324e93bb306c9da4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 6098 700ed2ed4032bae2bc5f7ad1b0938f65 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 74964 84b65d7d0127cc488d2aed110b7d9086 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 25740 fa32e9fe9c0d429a1159e41b07d5964f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 122514 1e818d01773b5bc86b9f56e8022d6863 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.diff.gz Size/MD5: 110832 2971bd952368028e975fd00a20ce501b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.dsc Size/MD5: 1059 e98ea8935c9ceed519d111d32e552586 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.2_all.deb Size/MD5: 869636 834405f963c7a9ce3b3d69f09e1805fe amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 36710 d6b14470183b492c8a0695ae3cf5820d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 82508 1f22c18ad0618cae8fd9b161debe997c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 1480116 da71d67953ad08e275d92429aff51456 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 6122 869caee45ed45ef339c86eb51a114920 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 95102 8f5848eddffc362517e4ff676f835973 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 26142 8ec6a04b1c0389911e1f1dc9e5377536 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 171840 f8215cbe5fe52dd32a598cbc7f27a8a1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 36264 c1ce097acea2435d13a0773986769641 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 80106 cbc3b76611aaece014e555a170dca185 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 1463248 4d326335153bdf16670b4d6b23309adb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 6122 f3ee8c280dffbcb1be2e30087818fc12 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 94910 b56efddf07944953ee6c93a357392ab5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 26140 062e3f1216765e325ed4bbc0dff04df5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 168962 ff967163df3e0c10338ebccecf816fa2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 41804 90c6b755b81eac7f64cffdc410781637 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 91146 93b16b2504ca56ca57ca562ccd109a42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 1497758 d713cc8d5962474285cfcb8f4d5c9387 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 6126 61c3a759bc71ed557194b123ee547425 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 97286 e4da8af1c90ae24bd767317aa8cfcf4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 26138 fcd8753ebf0b695dea0375e713a85ea2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 172252 27806a56e06673bd3fe961f650939193 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 36282 2b0888242ed98acf5f8214598a191ac4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 80234 819d971ba0a287fc39f8ffe60a8dea46 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 1488822 33280b196dd0f5e372c01f679fa6b92a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 6128 36f672bc145cc881f6ed0d501532c889 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 94144 b270ae4767e5a5a4f664686c688e4c83 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 26142 e951c05414d91657af1774951ff0b49c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 168272 9c24a04995a400f1c868398d14b31740 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.diff.gz Size/MD5: 155988 d5eeee8bb5b1be8f20732ddc15a146b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.dsc Size/MD5: 1143 0669aaa760ed047edc4f9a942882f01d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.2_all.deb Size/MD5: 925994 663b23d61cc43e14a45a4079a1b53d14 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 37404 c857fcb86cf6fbc5a1fe7dcb93bcfc9c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 83234 cb15baea3370ad40ad903ecdd5c2a150 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 1638028 f9e0e6d0ab30836134b18e68f515aa24 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 56372 45a35748bebb147b1ece7fc2318fe5d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 103904 3ec48e9e35555d39718da7dfa12296e1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 144844 d7a36d83f016f81978d77334df958abe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 181906 504d933b448fea5199083007de9def13 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 36728 a9d95dd94c95b39fba113bad0ba83d31 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 80756 002c4adb90d4aeb46f22cf043c2a3c5d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 1620614 dfd8630f8aa3bfc7a3603ab89376bbdc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 55450 15f5048b3543a2506d1b65937c145c10 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 103602 621c142a15a018a53fb4e1c731dd6273 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 139324 45c10a2df595a6e2d911e2ff3ab4a405 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 178200 41745eaf4b7e638c6294c0c7d272e91b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 46770 7b7c32c212787825b4c8ce5f23f11e9f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 101104 8a64784b5b11dbd2633de705b6803702 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 1695072 a9a974ada7cab231ed81c03a91ddc6fa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 56224 859a93733a404b6336815740c704cb31 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 109462 b57a9c49d5a186cb0a90ceff60fe3e0c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 141176 03a25641a1d1f0cc3daaff277fc9a1fe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 187796 4f7930d31e79c8e80c3002305f628abb sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 37776 4b82dbd83e2d0ab3b8a37a1819df2be0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 83754 ca7d3f04b938edf84d4495ee28401947 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 1658640 516e63f4be8670977ede42a5931f84d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 54742 c393dd034b59bdb312caa88e6e5a2518 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 103154 cca146d09d3d96060aae19ed28c9bad0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 141756 8ac1af17f52affe05290eda3f632a5c2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 177460 7a2e8e00865878da7823113b9c82fe96 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.diff.gz Size/MD5: 123551 3081910dc48c0bf26861c418898424e5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.dsc Size/MD5: 1218 31f9a51331fdef642f68181a96e48b90 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.3_all.deb Size/MD5: 1080422 55bbe3cc2879bf863ea481de00a87d38 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 37090 c208eccfeb8c01c9c9cf69d533e48875 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 89264 d75e34c37e473f37049e9b8d56da85f9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 2033330 19317bd0287cd2ffb107a79cb10221b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 59894 669b27a09c281c6627ac6f90cdaa9d6c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 46744 3bf6625d4362c0b737f8092a5ce5d8f2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 152012 918fb853dabc5e4f9b01d141a700cdd6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 185064 9ba4383cca2c676c115f0896c4d3f7ac i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 36386 a9cc51dd1d0bfb023a1723094b5dc8fd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 86266 a5a5f183b0072355dc7f6d7da0cc6150 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 2016958 1a403efd5824fdd4aabc01d6fd4be80d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 58630 05c449135359e5dff074bb09d35ab993 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 46096 190e2a501bcc471b47b19c0fab1e6faf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 145700 6bace8671d4aabfb12981f35bf90e3fd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 181864 48bdde0f8e4419ed820aad223f04a78e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 46396 d418a342f7bcc3c62a00b6aaa91f6a55 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 107534 b5021ac12d34feaa894822833a80f96c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 2098076 ce2bbaac830121b2e332e1d6be7f2812 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 59338 a2e1ed47fc41b154279fa991d1b83b63 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 51684 5dc5292ba6c5957c6906a1ec10425389 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 146958 ca1a231a2fead08a3a291a98016ad164 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 190810 df39b95fd46271a4102fa86991687d87 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 37476 ad024b3c304fddd547f73533c2af353e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 89402 d43d4d7730511ae01ada631e49a33386 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 2059212 5d8c784938e35c99434a9aeec756c7f0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 57890 c16d91ecc08a9f644a4702694f061948 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 45426 9b43f0207dc35329c6b68a00f9470b27 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 148480 6475be7a82a097f3d1e650f2e1b34e4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 180882 aa0f56882aee8a313019fd9806cb96e2 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: December 18, 2007 Bugs: #199195, #201042, #201570 ID: 200712-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service. Background ========== CUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the Postscript format via Poppler; the filter is installed by default in Gentoo Linux. Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). A local attacker could exploit the second vulnerability to overwrite arbitrary files with the privileges of the user running the CUPS spooler (usually lp) by using symlink attacks. A remote attacker could cause a Denial of Service condition via the third vulnerability when SSL is enabled in CUPS. Workaround ========== To disable SNMP support in CUPS, you have have to manually delete the file "/usr/libexec/cups/backend/snmp". Please note that the file is reinstalled if you merge CUPS again later. To disable the pdftops filter, delete all lines referencing "pdftops" in CUPS' "mime.convs" configuration file. To work around the third vulnerability, disable SSL support via the corresponding USE flag. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4" References ========== [ 1 ] CVE-2007-4045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045 [ 2 ] CVE-2007-5849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849 [ 3 ] CVE-2007-6358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358 [ 4 ] GLSA 200703-28 http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200712-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Background ========== AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1 Description =========== Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1437-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 26, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cupsys Vulnerability : several Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-5849 CVE-2007-6358 Several local vulnerabilities have been discovered in the Common UNIX Printing System. This vulnerability is not exploitable in the default configuration. For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch2. The old stable distribution (sarge) is not affected by CVE-2007-5849. The other issue doesn't warrant an update on it's own and has been postponed. For the unstable distribution (sid), these problems have been fixed in version 1.3.5-1. We recommend that you upgrade your cupsys packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc Size/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz Size/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb Size/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb Size/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0 arm architecture (ARM) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb Size/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb Size/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb Size/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb Size/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb Size/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb Size/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb Size/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb Size/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb Size/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb Size/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb Size/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb Size/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb Size/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb Size/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb Size/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb Size/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb Size/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb Size/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb Size/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb Size/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb Size/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb Size/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb Size/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb Size/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb Size/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb Size/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb Size/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb Size/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb Size/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb Size/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb Size/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb Size/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHclSzXm3vHE4uyloRAqN4AJ446Cy9X2qGSIJqCKirOI2pWmEseACgygi1 mLr61xygMrJtafqG+L6vzQw= =Kaoc -----END PGP SIGNATURE----- . The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: e7b60799c6564dab2fac51c4f141dbe5 2007.0/i586/cups-1.2.4-1.6mdv2007.0.i586.rpm 4c32071aad3f9098ea2dd2f9a1b7cd49 2007.0/i586/cups-common-1.2.4-1.6mdv2007.0.i586.rpm 63d9a864863267cf2f4fddc02e095e06 2007.0/i586/cups-serial-1.2.4-1.6mdv2007.0.i586.rpm 1f4920904c759ce0e9abb3bbc8cdd594 2007.0/i586/libcups2-1.2.4-1.6mdv2007.0.i586.rpm b1ec7aa06c2be308ff9c2a63da1c7731 2007.0/i586/libcups2-devel-1.2.4-1.6mdv2007.0.i586.rpm f383e8d9d10ca981e447dd6a01ee851d 2007.0/i586/php-cups-1.2.4-1.6mdv2007.0.i586.rpm f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b7553d0c3fbc26b3701b141c9b83d4f3 2007.0/x86_64/cups-1.2.4-1.6mdv2007.0.x86_64.rpm 4a38d3105789f691876915a408b14238 2007.0/x86_64/cups-common-1.2.4-1.6mdv2007.0.x86_64.rpm 66f5f00ec62eda88ad3bcc4a7c1bb9f8 2007.0/x86_64/cups-serial-1.2.4-1.6mdv2007.0.x86_64.rpm 8cb823e9208e3318df6856d6f604e915 2007.0/x86_64/lib64cups2-1.2.4-1.6mdv2007.0.x86_64.rpm 87a2ecc7dea1d4df9dc375aaa08706df 2007.0/x86_64/lib64cups2-devel-1.2.4-1.6mdv2007.0.x86_64.rpm 80f26c35b1a9df435722fda1cbbf73a3 2007.0/x86_64/php-cups-1.2.4-1.6mdv2007.0.x86_64.rpm f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm Mandriva Linux 2007.1: 211c3ad187609d5b780ff3fa5b49e444 2007.1/i586/cups-1.2.10-2.4mdv2007.1.i586.rpm 7d40f786123cf00358798508bb62d3d3 2007.1/i586/cups-common-1.2.10-2.4mdv2007.1.i586.rpm 0e5804893b2a9246b0e868c31b32b06b 2007.1/i586/cups-serial-1.2.10-2.4mdv2007.1.i586.rpm 338d3dec619d84e87f51bd7cfd16d8d2 2007.1/i586/libcups2-1.2.10-2.4mdv2007.1.i586.rpm 8db18206adc7d5e06791544156b055b3 2007.1/i586/libcups2-devel-1.2.10-2.4mdv2007.1.i586.rpm 62132f4112ac2b0a2d12774d29bec0cb 2007.1/i586/php-cups-1.2.10-2.4mdv2007.1.i586.rpm 4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 8c149f4c10733c9a9111160ae59ad925 2007.1/x86_64/cups-1.2.10-2.4mdv2007.1.x86_64.rpm 4b1daf55b41af95a1cd84bebe942d560 2007.1/x86_64/cups-common-1.2.10-2.4mdv2007.1.x86_64.rpm 5c5ca12c2c1acc4d4dbabdd1a724c6b6 2007.1/x86_64/cups-serial-1.2.10-2.4mdv2007.1.x86_64.rpm c3b6080be7e3f4705a8a2a49bcffd444 2007.1/x86_64/lib64cups2-1.2.10-2.4mdv2007.1.x86_64.rpm e0b59e5053778c2ffa2f54e0b45d2d39 2007.1/x86_64/lib64cups2-devel-1.2.10-2.4mdv2007.1.x86_64.rpm f55015ed699bf755c426f543c1663c68 2007.1/x86_64/php-cups-1.2.10-2.4mdv2007.1.x86_64.rpm 4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm Mandriva Linux 2008.0: 5e6c08849a88b069afaa97a41e9e960e 2008.0/i586/cups-1.3.0-3.4mdv2008.0.i586.rpm 9572d60e8afebae8af024b1fe7209fb3 2008.0/i586/cups-common-1.3.0-3.4mdv2008.0.i586.rpm 3f289e765d786c9e10ea5cfc21f73f6b 2008.0/i586/cups-serial-1.3.0-3.4mdv2008.0.i586.rpm c0fd3de781ef4d6ed0f9e13cae53d883 2008.0/i586/libcups2-1.3.0-3.4mdv2008.0.i586.rpm 610b6e72c3c11c6015f8177701156351 2008.0/i586/libcups2-devel-1.3.0-3.4mdv2008.0.i586.rpm fb6ef9cab451a3133be7f76ba840b012 2008.0/i586/php-cups-1.3.0-3.4mdv2008.0.i586.rpm 188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 402aea771b06142b45b722bff80f091e 2008.0/x86_64/cups-1.3.0-3.4mdv2008.0.x86_64.rpm f2455232cc2a9573ecec47ef56cdc597 2008.0/x86_64/cups-common-1.3.0-3.4mdv2008.0.x86_64.rpm 37a5555a41d6fb417b21939c805664f2 2008.0/x86_64/cups-serial-1.3.0-3.4mdv2008.0.x86_64.rpm ce9c705103f3818d9c5795c9870fe8ff 2008.0/x86_64/lib64cups2-1.3.0-3.4mdv2008.0.x86_64.rpm 69cbe40728e22cc75aec77357f1afd05 2008.0/x86_64/lib64cups2-devel-1.3.0-3.4mdv2008.0.x86_64.rpm 383988eb5c94bb74024fdf374cb3b2be 2008.0/x86_64/php-cups-1.3.0-3.4mdv2008.0.x86_64.rpm 188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm Corporate 3.0: 22d8969d906321fbee18c2bbc85588d3 corporate/3.0/i586/cups-1.1.20-5.15.C30mdk.i586.rpm 36304afe8bedfa972b100864a155c631 corporate/3.0/i586/cups-common-1.1.20-5.15.C30mdk.i586.rpm c769d1450268709318ca831aa61fb0e1 corporate/3.0/i586/cups-serial-1.1.20-5.15.C30mdk.i586.rpm add323f4e6d19502d1784d8170b56158 corporate/3.0/i586/libcups2-1.1.20-5.15.C30mdk.i586.rpm 1795159898f7d56792ccb5d2fa94f01d corporate/3.0/i586/libcups2-devel-1.1.20-5.15.C30mdk.i586.rpm 862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm Corporate 3.0/X86_64: 4cc49531ae7c6e30a6119a96fd6e2be7 corporate/3.0/x86_64/cups-1.1.20-5.15.C30mdk.x86_64.rpm d99c41a39764138480fd0498fc08dc86 corporate/3.0/x86_64/cups-common-1.1.20-5.15.C30mdk.x86_64.rpm 1217f6489b62f4f97272266a36ad1dcf corporate/3.0/x86_64/cups-serial-1.1.20-5.15.C30mdk.x86_64.rpm 37b559193f8165d5fb94f3dfb0a17002 corporate/3.0/x86_64/lib64cups2-1.1.20-5.15.C30mdk.x86_64.rpm 29f3155a705199ddc18d4f07151ee0e5 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.15.C30mdk.x86_64.rpm 862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm Corporate 4.0: 2ff282c107a464893dceecd702a49fbb corporate/4.0/i586/cups-1.2.4-0.6.20060mlcs4.i586.rpm d40e3334925c3dfeb4cf69c9a81279da corporate/4.0/i586/cups-common-1.2.4-0.6.20060mlcs4.i586.rpm c0cd1b083354931223532a3f66708796 corporate/4.0/i586/cups-serial-1.2.4-0.6.20060mlcs4.i586.rpm 2cbac22995a55e1f2a2775c9b2f993ef corporate/4.0/i586/libcups2-1.2.4-0.6.20060mlcs4.i586.rpm 6e2f4b34178fea2cf9fbc6d2ef23bb10 corporate/4.0/i586/libcups2-devel-1.2.4-0.6.20060mlcs4.i586.rpm 7013f9f6c6820f411bbece64eef74338 corporate/4.0/i586/php-cups-1.2.4-0.6.20060mlcs4.i586.rpm af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 5b7647d72d7c6717fc66511d99dfb85d corporate/4.0/x86_64/cups-1.2.4-0.6.20060mlcs4.x86_64.rpm 4e2885508967804e2036312408b887a6 corporate/4.0/x86_64/cups-common-1.2.4-0.6.20060mlcs4.x86_64.rpm c2c7dcc9fe085e0763bfdb492fb75efc corporate/4.0/x86_64/cups-serial-1.2.4-0.6.20060mlcs4.x86_64.rpm 8638a23ea946526c960840507933c835 corporate/4.0/x86_64/lib64cups2-1.2.4-0.6.20060mlcs4.x86_64.rpm 856b172bc91bbd802a821a775d45b6c9 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.6.20060mlcs4.x86_64.rpm f97300e6f09ef8b08d1a0563a5c324f1 corporate/4.0/x86_64/php-cups-1.2.4-0.6.20060mlcs4.x86_64.rpm af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHqfERmqjQ0CJFipgRAjdGAKDHckN83/fyAlJvHgk69P50eexo2wCbBhR9 nEhVEeHY+sACGciJMKbk5+I= =Qgcw -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: Gentoo update for cups SECUNIA ADVISORY ID: SA24660 VERIFY ADVISORY: http://secunia.com/advisories/24660/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for cups. For more information: SA24517 SOLUTION: Update to "net-print/cups-1.2.9" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml OTHER REFERENCES: SA24517: http://secunia.com/advisories/24517/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0551 CVE-2007-1800 Cisco Secure ACS Vulnerable to network access CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. Cisco Secure ACS is prone to a remote security vulnerability. Also known as \"NACATTACK\"
VAR-200704-0544 CVE-2007-1793 Symantec Norton Personal Firewall of SPBBCDrv.sys Service disruption in (DoS) Vulnerabilities CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'SPBBCDrv.sys' driver. A local attacker may exploit this issue to crash affected computers, denying service to legitimate users. Symantec Norton Personal Firewall is a very popular firewall software. There is a loophole in the driver implementation of Norton Personal Firewall, and local attackers may use this loophole to perform denial-of-service attacks on the system. The vulnerability is caused due to an input validation error in SPBBCDrv.sys when handling parameters of certain hooked functions. This can be exploited to crash the system by calling NtCreateMutant or NtOpenEvent with specially crafted parameters. The vulnerability is confirmed in version 9.0.0.73 and also reported in versions 9.1.1.7 and 9.1.0.33. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Matousec Transparent Security ORIGINAL ADVISORY: Matousec Transparent Security: http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200703-0432 CVE-2007-1786 Groupmax Used for products such as Hitachi Collaboration - Online Community Management In SQL Injection vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0209 CVE-2007-1884 PHP of printf Function family integer sign error vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. PHP is prone to multiple format-string vulnerabilities due to a design error when casting 64-bit variables to 32 bits. Attackers may be able to exploit these issues to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions. These issues affect PHP versions prior to 4.4.5 and 5.2.1 running on 64-bit computers. An attacker who plays by ear can execute arbitrary code with the help of specific negative parameter numbers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01086137 Version: 1 HPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-06-25 Last Updated: 2007-06-25 Potential Security Impact: Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). References: CVE-2006-4625 CVE-2007-0988 CVE-2007-1286 CVE-2007-1380 CVE-2007-1700 CVE-2007-1701 CVE-2007-1710 CVE-2007-1835 CVE-2007-1884 CVE-2007-1885 CVE-2007-1886 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions running running PHP Hypertext Processing Engine v 4.4.4 are affected: HP Internet Express for Tru64 UNIX (IX) v 6.6 and earlier Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.4 and earlier BACKGROUND RESOLUTION HP is providing PHP v 4.4.6 as part of Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.5, which resolves the potential vulnerabilities. Until the update is available in the mainstream product release, HP is releasing the following two setld-based kits publicly for use by any customer. The resolutions contained in the kits are targeted for availability in the following mainstream product release: HP Internet Express for Tru64 UNIX v 6.7 The kits distribute the following: Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit and source files Secure Web Server for HP Tru64 UNIX v 6.6.5 PREREQUISITE: HP Tru64 UNIX v 5.1A or later Name: sws_v6_6_5_kit.tar.gz Location: http://h30097.www3.hp.com/internet/download.htm#sws Secure Web Server for HP Tru64 UNIX v 6.6.5 including Source Files PREREQUISITE: HP Tru64 UNIX v 5.1A or later Name: sws_v6_6_5_src_kit.tar.gz Location: http://h30097.www3.hp.com/internet/download.htm#sws PRODUCT SPECIFIC INFORMATION HISTORY Version:1 (rev.1) - 25 June 2007 Initial release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRoETyuAfOvwtKn1ZEQKROACggBC5RrNrpby62nQmYPEBLnLT8LoAoOKr X4BXLpHPsJJL+xua0KFkk+Te =oBJf -----END PGP SIGNATURE-----
VAR-200704-0592 CVE-2007-1833 CUCM of SCCP Service disruption in implementation (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. This vulnerability is documented in Cisco Bug ID as CSCsf10805
VAR-200704-0593 CVE-2007-1834 CUCM Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. The CUCM vulnerability is documented in Cisco Bug ID as CSCsf12698 and the CUPS vulnerability is documented in Cisco Bug ID as CSCsg60930
VAR-200704-0585 CVE-2007-1826 CUCM of IPSec Manager Service Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. The CUCM vulnerability is documented in Cisco Bug ID as CSCsg20143 and the CUPS vulnerability is documented in Cisco Bug ID as CSCsg60949
VAR-200703-0389 CVE-2007-1728 PS3 and PSP of Remote Play Service disruption in functionality (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. PSP is prone to a denial-of-service vulnerability
VAR-200706-0408 CVE-2007-3347 D-Link DPH-540/DPH-541 Any on the phone SIP Vulnerability used for communication CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. D-Link DPH-540 / DPH-541 are popular wireless internet phone handsets.  There are vulnerabilities in DPH-540 / DPH-541 mobile phones when processing authentication of data requests. Remote attackers may use this vulnerability to send malicious messages to the device. An attacker can exploit this issue to bypass security restrictions
VAR-200706-0515 CVE-2007-3444 Research in Motion BlackBerry 7270 Service disruption in (DoS) Vulnerabilities CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame. BlackBerry 7270 phone is prone to a remote format-string vulnerability. An attacker can exploit this issue to cause certain features of the phone to become unusable until the phone has been reset. BlackBerry 7270 with BlackBerry Device Software 4.0.1.83 and earlier versions are vulnerable. NOTE: When exploited, the device may generate the following error message: "Uncaught exception: java.lang.IllegalArgumentException"
VAR-200706-0514 CVE-2007-3443 Research in Motion BlackBerry 7270 Service disruption in (DoS) Vulnerabilities CVSS V2: 2.3
CVSS V3: -
Severity: LOW
The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered. BlackBerry 7270 is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause certain features of the phone to become unusable until the phone has been reset. NOTE: The denial-of-service conditions will remain even when the phone re-registers with the Registrar. BlackBerry 7270 with BlackBerry Device Software 4.0.1.83 and prior versions are vulnerable
VAR-200706-0409 CVE-2007-3348 D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header Denial Of Service Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message. D-Link DPH-540/DPH-541 Wi-Fi phone is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause certain features of the phone to become unusable until the phone has been reset. A denial of service vulnerability exists in the D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header
VAR-200704-0125 CVE-2007-1866 dproxy-nexgen of dns_decode_reverse_name Stack-based buffer overflow vulnerability in functions CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465. dproxy-nexgen of dns_decode.c of dns_decode_reverse_name The function contains a stack-based buffer overflow vulnerability. Dproxy is a small cached DNS server. Dproxy is prone to a remote buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code with superuser privileges. A successful attack could result in the complete compromise of affected computers or routers/devices. Version 1.c is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: dproxy-nexgen "dns_decode_reverse_name" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA24688 VERIFY ADVISORY: http://secunia.com/advisories/24688/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: dproxy-nexgen http://secunia.com/product/13834/ DESCRIPTION: mu-b has discovered a vulnerability in dproxy-nexgen, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in the latest available version (2007-04-02). SOLUTION: Use the software only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: mu-b ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053289.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200703-0308 CVE-2007-1642 ManageEngine Firewall Analyzer Vulnerabilities in accessing arbitrary common files CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. ManageEngine Firewall Analyzer is prone to a remote information-disclosure vulnerability. A remote authenticated attacker can leverage this issue to access sensitive data. Information obtained could aid in further attacks. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: ManageEngine Firewall Analyzer Information Disclosure SECUNIA ADVISORY ID: SA24707 VERIFY ADVISORY: http://secunia.com/advisories/24707/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: ManageEngine Firewall Analyzer 4.x http://secunia.com/product/13811/ DESCRIPTION: yearsilent has reported a security issue in ManageEngine Firewall Analyzer, which can be exploited by malicious users to disclose potentially sensitive information. SOLUTION: Reportedly, the vulnerability will be fixed in build 4030. Please contact the vendor for early access to this build version. PROVIDED AND/OR DISCOVERED BY: yearsilent ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200703-0600 CVE-2007-1577 GeBlog index.php Directory Traversal Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. GeBlog of index.php Contains a directory traversal vulnerability.By a third party .. GeBlog is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to access sensitive information and to execute local script code in the context of the application; this may facilitate other attacks against the affected computer. GeBlog 0.1 is vulnerable; other versions may also be affected
VAR-200703-0447 CVE-2007-1542 Cisco IP Phone 7940 Service disruption (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Cisco 7940/7960 phones are prone to a remote denial-of-service vulnerability. Cisco IP Phone is a system for providing voice communication over IP network. The vulnerability is caused due to an error within the handling of certain SIP INVITE messages. This can be exploited to reboot the device by sending a specially crafted INVITE message with a malformed "sipURI" field of the Remote-Party-ID. The vulnerability is reported in devices running firmware POS3-07-4-00. SOLUTION: Reportedly, firmware POS8-6-0 is unaffected. PROVIDED AND/OR DISCOVERED BY: Humberto J. Abdelnur, Radu State, and Olivier Festor ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200703-0627 CVE-2007-1585 Linksys WAG200G Important information such as ( Password and configuration data ) Vulnerability to be acquired CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party information. Linksys WAG200G is prone to a vulnerability that may disclose sensitive information. An attacker can exploit this issue to retrieve sensitive information that may aid in further attacks. This issue affects firmware version 1.01.01; other versions may also be vulnerable. Linksys WAG200G is a wireless ADSL router. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: Linksys Products Information Disclosure Security Issue SECUNIA ADVISORY ID: SA24658 VERIFY ADVISORY: http://secunia.com/advisories/24658/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: Linksys WAG200G http://secunia.com/product/13810/ Linksys WRT54GC http://secunia.com/product/13808/ DESCRIPTION: A security issue has been reported in various Linksys products, which can be exploited to disclose certain sensitive information. the product model, the web interface password, the PPPoA username, the PPPoA password, the SSID, and the WPA passphrase by sending a UDP packet to port 916 of the device. The security issue is reported in WAG200G with firmware 1.01.03 and earlier, WRT54GC v1 with firmware 1.03.0 and earlier, and WRT54GC v2 with firmware 1.00.7 and earlier. PROVIDED AND/OR DISCOVERED BY: Daniel Niggebrugge, additional information by Bartomiej Ochman ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200703-0462 CVE-2007-1557 F-Secure Anti-Virus Client Security Service disruption in (DoS) Vulnerabilities CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. F-Secure Anti-Virus Client Security is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting this vulnerability may allow an attacker to access sensitive process memory or to crash the application. Code execution may potentially be possible, but this has not been confirmed. F-Secure Anti-Virus Client Security is a real-time virus monitoring and protection system on the PC platform, supporting all WINDOWS systems
VAR-200703-0606 CVE-2007-1467 plural Cisco Product PreSearch.html Cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. Multiple Cisco products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue by enticing a victim into following a maliciously crafted URI. Attackers may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco IDs: CSCsh91761, CSCsh52300, CSCsh91884, CSCsi12435, CSCsh91901, CSCsi10405, CSCsh91953, CSCsh93070, CSCsh93854, CSCek71039, CSCsh95009, CSCsi10818, CSCsi10674, CSCsi10982, CSCsi13743, CSCsi13763. A remote attacker can inject arbitrary web script or HTML with the help of a text field in search format. Input passed to the search code of PreSearch.html or PreSearch.class (depending on software or device) is not properly sanitised before being returned to the user. SOLUTION: If possible, the vendor recommends deleting or renaming the PreSearch.html and PreSearch.class files. PROVIDED AND/OR DISCOVERED BY: Independently discovered by Erwin Paternotte from Fox-IT and Cassio Goldschmidt. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------