VARIoT IoT vulnerabilities database

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption. Cisco IOS There are multiple service disruptions (DoS) Vulnerabilities exist. These issues pertain to the following protocols or features: Session Initiation Protocol (SIP) Media Gateway Control Protocol (MGCP) Signaling protocols H.323, H.254 Real-time Transport Protocol (RTP) Facsimile reception A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Cisco IOS is the operating system used in Cisco networking equipment. Cisco IOS has loopholes in processing various protocol packets. Remote attackers may take advantage of these loopholes to make the device unavailable. 323 packets, RTP packets, or receiving a very large packet when receiving a fax, can cause the service to crash or the router to hang. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. 1) Errors when processing SIP packets can be exploited to crash the device or allow execution of arbitrary code via specially-crafted SIP packets. 2) Errors when processing MGCP packets can be exploited to cause the device to crash or become unresponsive via specially-crafted MGCP packets. 3) Errors when processing H.323 packets can be exploited to crash the device via specially crafted H.323 packets. 4) Errors when processing RTP packets can be exploited to crash the device via specially crafted RTP packets. 5) An error within Facsimile reception can be exploited to crash the device via an overly large packet. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updated versions. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249. (CSCsf11855, CSCeb21064, CSCse40276, CSCse68355, CSCsf30058, CSCsb24007, CSCsc60249)Device crashes and denial of service (DoS) It may be in a state. These issues pertain to the following protocols or features: Session Initiation Protocol (SIP) Media Gateway Control Protocol (MGCP) Signaling protocols H.323, H.254 Real-time Transport Protocol (RTP) Facsimile reception A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Cisco IOS is the operating system used in Cisco networking equipment. Cisco IOS has loopholes in processing various protocol packets. Remote attackers may take advantage of these loopholes to make the device unavailable. 323 packets, RTP packets, or receiving a very large packet when receiving a fax, can cause the service to crash or the router to hang. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. 1) Errors when processing SIP packets can be exploited to crash the device or allow execution of arbitrary code via specially-crafted SIP packets. 2) Errors when processing MGCP packets can be exploited to cause the device to crash or become unresponsive via specially-crafted MGCP packets. 3) Errors when processing H.323 packets can be exploited to crash the device via specially crafted H.323 packets. 4) Errors when processing RTP packets can be exploited to crash the device via specially crafted RTP packets. 5) An error within Facsimile reception can be exploited to crash the device via an overly large packet. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updated versions. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505. Cisco IOS and Unified Communications Manager are prone to multiple denial-of-service and code-execution vulnerabilities. These issues pertain to the following protocols or features: Session Initiation Protocol (SIP) Media Gateway Control Protocol (MGCP) Signaling protocols H.323, H.254 Real-time Transport Protocol (RTP) Facsimile reception A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Cisco IOS is the operating system used in Cisco networking equipment. Cisco IOS has loopholes in processing various protocol packets. Remote attackers may take advantage of these loopholes to make the device unavailable. 323 packets, RTP packets, or receiving a very large packet when receiving a fax, can cause the service to crash or the router to hang. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco IOS Voice Service Multiple Protocol Handling Vulnerabilities SECUNIA ADVISORY ID: SA26363 VERIFY ADVISORY: http://secunia.com/advisories/26363/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) Errors when processing SIP packets can be exploited to crash the device or allow execution of arbitrary code via specially-crafted SIP packets. 2) Errors when processing MGCP packets can be exploited to cause the device to crash or become unresponsive via specially-crafted MGCP packets. 3) Errors when processing H.323 packets can be exploited to crash the device via specially crafted H.323 packets. 4) Errors when processing RTP packets can be exploited to crash the device via specially crafted RTP packets. 5) An error within Facsimile reception can be exploited to crash the device via an overly large packet. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updated versions. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. (CSCsi80102)Arbitrary code may be executed by a third party. These issues pertain to the following protocols or features: Session Initiation Protocol (SIP) Media Gateway Control Protocol (MGCP) Signaling protocols H.323, H.254 Real-time Transport Protocol (RTP) Facsimile reception A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Cisco IOS is the operating system used in Cisco networking equipment. Cisco IOS has loopholes in processing various protocol packets. Remote attackers may take advantage of these loopholes to make the device unavailable. 323 packets, RTP packets, or receiving a very large packet when receiving a fax, can cause the service to crash or the router to hang. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. The vulnerability is reported in versions 5.0, 5.1, and 6.0. SOLUTION: Update to the fixed versions. CUCM 5.0: Update to CUCM 5.1(2b). CUCM 5.1(2b): http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2 CUCM 6.0(1a): http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-60 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749. (CSCsi80749)Fraud created by third parties SIP Arbitrary code could be executed when processing a packet. Cisco IOS and Unified Communications Manager are prone to multiple denial-of-service and code-execution vulnerabilities. These issues pertain to the following protocols or features: Session Initiation Protocol (SIP) Media Gateway Control Protocol (MGCP) Signaling protocols H.323, H.254 Real-time Transport Protocol (RTP) Facsimile reception A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Cisco IOS is the operating system used in Cisco networking equipment. Cisco IOS has loopholes in processing various protocol packets. Remote attackers may take advantage of these loopholes to make the device unavailable. 323 packets, RTP packets, or receiving a very large packet when receiving a fax, can cause the service to crash or the router to hang. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco IOS Voice Service Multiple Protocol Handling Vulnerabilities SECUNIA ADVISORY ID: SA26363 VERIFY ADVISORY: http://secunia.com/advisories/26363/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 2) Errors when processing MGCP packets can be exploited to cause the device to crash or become unresponsive via specially-crafted MGCP packets. 3) Errors when processing H.323 packets can be exploited to crash the device via specially crafted H.323 packets. 4) Errors when processing RTP packets can be exploited to crash the device via specially crafted RTP packets. 5) An error within Facsimile reception can be exploited to crash the device via an overly large packet. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updated versions. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. Exploiting this issue allows remote attackers to retrieve, write, or overwrite arbitrary files on the device's filesystem, including configuration and password files. Successful exploits will result in a complete compromise of affected devices. This issue affects Cisco 12.2-based IOS with the secure copy server feature enabled. This feature is not enabled by default. This issue is being tracked by Cisco Bug ID CSCsc19259. Cisco IOS is the operating system used in Cisco networking equipment. This vulnerability does not allow authentication bypass; login credentials are required to be verified and access is only allowed if a valid username and password are provided. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco IOS Secure Copy Security Bypass Vulnerability SECUNIA ADVISORY ID: SA26361 VERIFY ADVISORY: http://secunia.com/advisories/26361/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system REVISION: 1.1 originally posted 2007-08-09 OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions. configuration files containing passwords) from and to an IOS device without privilege levels being checked. Successful exploitation requires that the device is configured as a Secure Copy server (disabled by default). The vulnerability reportedly only affects certain 12.2-based IOS releases. SOLUTION: Apply updated versions (see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Vijay Sarvepalli, University of North Carolina CHANGELOG: 2007-08-09: Added CVE reference. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information. Camera Life is prone to a remote security vulnerability. Camera Life is an open source PHP-based photo management and organization plugin. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Camera Life Security Bypass Vulnerability SECUNIA ADVISORY ID: SA26319 VERIFY ADVISORY: http://secunia.com/advisories/26319/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Camera Life 2.x http://secunia.com/product/15165/ DESCRIPTION: A vulnerability has been reported in Camera Life, which can be exploited by malicious people to bypass certain security restrictions. Successful exploitation requires knowledge of the names of the photos. The vulnerability is reported in versions prior to 2.6.0. SOLUTION: Update to version 2.6.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://fdcl.svn.sourceforge.net/viewvc/*checkout*/fdcl/trunk/Changelog ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment. Security Gateway is prone to a security bypass vulnerability

Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data. Security Gateway is prone to a denial-of-service vulnerability

Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors. Very few technical details are currently available. We will update this BID as more information emerges. An attacker can exploit this issue to deny access to legitimate users. Versions prior to Camera Life 2.6 are vulnerable

Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. HP-UX is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. HP-UX 11.11i is vulnerable; other versions may also be affected. HP-UX is a UNIX operating system developed by HP. Remote attackers may use this vulnerability to control the server. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: HP-UX 11.11 ldcconn Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA26373 VERIFY ADVISORY: http://secunia.com/advisories/26373/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network OPERATING SYSTEM: HP-UX 11.x http://secunia.com/product/138/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in ldcconn and can be exploited to cause a buffer overflow by sending an overly long string to the service (default port 17781/TCP). Successful exploitation allows execution of arbitrary code. The vulnerability is reported in the HP Controller for Cisco Local Director package on HP-UX 11.11i. SOLUTION: The vendor recommends using another tool as the package has been obsolete since 2002 and is no longer supported. PROVIDED AND/OR DISCOVERED BY: iDefense Labs ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=572 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information

Ipswitch IMail Server is a mail server bundled in the Ipswitch collaboration component. A buffer overflow vulnerability exists in the IMail server processing parameters of the SEARCH command request. A remote attacker could exploit this vulnerability to control the server. The IMail server has a stack buffer overflow problem when dealing with multiple options of the SEARCH command (BEFORE, ON, SINCE, SENTBEFORE, SENTON, SENTSINCE). The remote attacker can trigger an overflow by submitting a malformed SEARCH request, resulting in arbitrary instructions. Ipswitch IMail Server and Collaboration Suite (ICS) are prone to multiple buffer-overflow vulnerabilities because these applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Attackers may exploit these issues to execute arbitrary code in the context of the affected applications. Failed exploit attempts will likely result in denial-of-service conditions. These versions are reported vulnerable to these issues: Ipswitch Collaboration Suite (ICS) 2006 IMail Premium 2006.2 and 2006.21 Other versions may also be affected. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. This can be exploited to cause stack-based buffer overflows via overly long, quoted or unquoted arguments passed to the command. Successful exploitation allows execution of arbitrary code. Other versions may also be affected. SOLUTION: Grant only trusted users access to the IMAP service. PROVIDED AND/OR DISCOVERED BY: Independently discovered by: * Secunia Research * ZhenHan Liu, Ph4nt0m Security Team. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Atheros Provided by the company Microsoft Windows The wireless network driver for is vulnerable to the frame handling part. Crafted 802.11 Sending a management frame causes a buffer overflow, resulting in service disruption ( DoS ) You may be attacked. 802.11b, 802.11g, 802.11n Management frames in are not encrypted and do not require authentication to be sent. further, WEP And WPA It has been found that even if wireless communication encryption such as is affected by this vulnerability. Linux And UNIX Used in NDISWrapper And using vulnerable drivers with similar technologies may also be affected.  The driver did not adequately check for malformed management frames, and a remote attacker could trigger an overflow by sending a specially constructed 802.11 management frame that requires no authentication or encryption. Atheros drivers are also used by OEM (Original Equipment Manufacturer) wireless adapters. This issue is reported to affect drivers for the Windows operating system. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. SOLUTION: The vendor has reportedly issued firmware updates (versions 5.3.0.35 and 6.0.3.67 and later) to OEMs. PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT. ORIGINAL ADVISORY: US-CERT VU#730169: http://www.kb.cert.org/vuls/id/730169 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use. platon of phpwebfilemanager Exists in unspecified vulnerabilities.None

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. Hitachi uCosminexus is an application server system.  There is a vulnerability in Hitachi uCosminexus's session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data.  Details of the vulnerability are currently unknown. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Hitachi Products Cosminexus Component Container Improper Session Data Handling SECUNIA ADVISORY ID: SA26250 VERIFY ADVISORY: http://secunia.com/advisories/26250/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: >From local network SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ uCosminexus Service Platform http://secunia.com/product/13823/ uCosminexus Developer http://secunia.com/product/13820/ uCosminexus Service Architect http://secunia.com/product/13821/ Cosminexus 6.x http://secunia.com/product/5795/ DESCRIPTION: A security issue has been reported in Hitachi products, which potentially can be exploited by malicious users to gain knowledge of sensitive information or bypass certain security restrictions. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software.  There is a vulnerability in the implementation of Hitachi JP1 / Cm2 / Hierarchical Viewer. A remote attacker may use this vulnerability to cause a denial of service.  HV generates an error when processing malformed data, which makes the HV web interface unavailable. Attackers can exploit this issue to cause denial-of-service conditions. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Please see the vendor's advisory for a list of affected versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-021_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. Apple Safari is prone to a weakness that may result in the execution of potentially malicious Java applets. This issue results from a design error. This weakness arises because the application fails to properly check a security setting. Versions prior to Safari 3.0.3 Beta and Safari 3.0.3 Beta for Windows are vulnerable to this issue. Safari is the WEB browser bundled with the Apple family operating system by default. Safari provides an option to enable Java preferences

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.". ISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks. This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable. RESOLUTION The resolution is to discontinue the use of BIND/iX and migrate DNS services to another platform. =========================================================== Ubuntu Security Notice USN-627-1 July 22, 2008 dnsmasq vulnerability CVE-2008-1447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: dnsmasq-base 2.41-2ubuntu2.1 After a standard system upgrade you need to restart Dnsmasq to effect the necessary changes. Details follow: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. Background ========== pdnsd is a proxy DNS server with permanent caching that is designed to cope with unreachable DNS servers. Impact ====== An attacker could exploit the second weakness to poison the cache of pdnsd and thus spoof DNS traffic, which could e.g. The first issue can be exploited by enticing pdnsd to send a query to a malicious DNS server, or using the port randomization weakness, and might lead to a Denial of Service. Workaround ========== Port randomization can be enabled by setting the "query_port_start" option to 1024 which would resolve the CVE-2008-1447 issue. In IP NAT filtering in Sun Solaris 10 and OpenSolaris series products, when a DNS server runs NAT, it incorrectly changes the original address of the data packet. And spoof the address returned by the DNS response. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. HP TCP/IP Services for OpenVMS 5.7 ECO5 package is available from the following location: The HP TCP/IP Services for OpenVMS 5.7 ECO5 kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. Customers can access the kits from Patch Management page. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200812-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Ruby: Multiple vulnerabilities Date: December 16, 2008 Bugs: #225465, #236060 ID: 200812-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service. Background ========== Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server ("WEBRick") and a class for XML parsing ("REXML"). Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/ruby < 1.8.6_p287-r1 >= 1.8.6_p287-r1 Description =========== Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws: * Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662). * Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663). * Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664). * Memory corruption ("REALLOC_N") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2725). * Memory corruption ("beg + rlen") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726). Furthermore, several other vulnerabilities have been reported: * Tanaka Akira reported an issue with resolv.rb that enables attackers to spoof DNS responses (CVE-2008-1447). * Akira Tagoh of RedHat discovered a Denial of Service (crash) issue in the rb_ary_fill() function in array.c (CVE-2008-2376). * Several safe level bypass vulnerabilities were discovered and reported by Keita Yamaguchi (CVE-2008-3655). * Christian Neukirchen is credited for discovering a Denial of Service (CPU consumption) attack in the WEBRick HTTP server (CVE-2008-3656). * A fault in the dl module allowed the circumvention of taintness checks which could possibly lead to insecure code execution was reported by "sheepman" (CVE-2008-3657). * Tanaka Akira again found a DNS spoofing vulnerability caused by the resolv.rb implementation using poor randomness (CVE-2008-3905). * Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of Service (CPU consumption) vulnerability in the REXML module when dealing with recursive entity expansion (CVE-2008-3790). Impact ====== These vulnerabilities allow remote attackers to execute arbitrary code, spoof DNS responses, bypass Ruby's built-in security and taintness checks, and cause a Denial of Service via crash or CPU exhaustion. Workaround ========== There is no known workaround at this time. Resolution ========== All Ruby users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1" References ========== [ 1 ] CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 [ 2 ] CVE-2008-2376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376 [ 3 ] CVE-2008-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 [ 4 ] CVE-2008-2663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 [ 5 ] CVE-2008-2664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 [ 6 ] CVE-2008-2725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 [ 7 ] CVE-2008-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 [ 8 ] CVE-2008-3655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655 [ 9 ] CVE-2008-3656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656 [ 10 ] CVE-2008-3657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657 [ 11 ] CVE-2008-3790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 [ 12 ] CVE-2008-3905 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200812-17.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . There are two ways to deal with this situation: 1. The documentation included with BIND 9 contains a migration guide. 2. Configure the BIND 8 resolver to forward queries to a BIND 9 resolver. Provided that the network between both resolvers is trusted, this protects the BIND 8 resolver from cache poisoning attacks (to the same degree that the BIND 9 resolver is protected). This problem does not apply to BIND 8 when used exclusively as an authoritative DNS server. It is theoretically possible to safely use BIND 8 in this way, but updating to BIND 9 is strongly recommended. BIND 8 (that is, the bind package) will be removed from the etch distribution in a future point release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01506861 Version: 6 HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-07-16 Last Updated: 2010-12-15 ----------------------------------------------------------------------------- Potential Security Impact: Remote DNS cache poisoning Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. References: CVE-2008-1447 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.3.2 or BIND v9.2.0, HP-UX B.11.11 running BIND v8.1.2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-1447 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates / patch to resolve the vulnerabilities for BIND v9.2.0 and BIND v9.3.2. Customers running BIND v8.1.2 on HP-UX B.11.11 should upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below. A new BIND v9.2.0 depot is available to address an issue encountered on HP-UX B.11.11. The new depot is available by contacting HP Support. The BIND v9.3.2 updates are available for download from: http://software.hp.com The patch PHNE_37865 is available from: http://itrc.hp.com HP-UX Release / Action B.11.11 running v8.1.2 / Upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / BIND Depot name / Action B.11.11 running v9.2.0 / BIND920V15.depot / Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.23 running v9.2.0 / Install PHNE_37865 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.11 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.23 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.31 running v9.3.2 / Install revision C.9.3.2.3.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Firewall configurations may need to be adjusted to allow DNS queries from random source ports to pass. In addition, firewalls that forward DNS queries must not replace the random source ports. MANUAL ACTIONS: Yes - NonUpdate Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Check firewall settings. For B.11.11 running v8.1.2, upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates For B.11.11 running v9.2.0 install BIND920v15.depot PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa AFFECTED VERSIONS For BIND v8.1.2 HP-UX B.11.11 ============= InternetSrvcs.INETSVCS-RUN action: upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. For BIND v9.3.2 HP-UX B.11.11 ============= BindUpgrade.BIND-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.23 ============= BindUpgrade.BIND-UPGRADE BindUpgrade.BIND2-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.31 ============= NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com For BIND v9.2.0 HP-UX B.11.11 ============= BINDv920.INETSVCS-BIND action: install revision B.11.11.01.015 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL Contact HP Support for information on where to download depot. HP-UX B.11.23 ============= InternetSrvcs.INETSVCS-INETD InternetSrvcs.INETSVCS-RUN InternetSrvcs.INETSVCS2-RUN action: install patch PHNE_37865 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://itrc.hp.com END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 16 July 2008 Initial release Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2 Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration setings Version:5 (rev.5) - 12 October 2010 Updated version for BIND v9.2.0 depot for B.11.11 Version:6 (rev.6) - 15 December 2010 Reformat v9.2.0 recommendation for clarity. Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0JQB8ACgkQ4B86/C0qfVmfGwCeOT1oSjH7NZVlEmixFnjM5hWp gtAAnj1pfPTQUHenOf3lzoRYLUEoy6xf =/E+O -----END PGP SIGNATURE----- . Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery. The Common Vulnerabilities and Exposures project identifies this class of weakness as CVE-2008-1447. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA26195 VERIFY ADVISORY: http://secunia.com/advisories/26195/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote OPERATING SYSTEM: Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/ Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/ Red Hat Enterprise Linux Desktop Workstation (v. 5 client) http://secunia.com/product/13651/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/ RedHat Enterprise Linux AS 3 http://secunia.com/product/2534/ RedHat Enterprise Linux AS 4 http://secunia.com/product/4669/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux ES 3 http://secunia.com/product/2535/ RedHat Enterprise Linux ES 4 http://secunia.com/product/4668/ RedHat Enterprise Linux WS 3 http://secunia.com/product/2536/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux WS 4 http://secunia.com/product/4670/ RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ DESCRIPTION: Red Hat has issued an update for bind. For more information: SA26152 SOLUTION: Updated packages are available from Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2007-0740.html OTHER REFERENCES: SA26152: http://secunia.com/advisories/26152/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's dnsmasq packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. This update also switches the random number generator to Dan Bernstein's SURF. For the stable distribution (etch), this problem has been fixed in version 2.35-1+etch4. Packages for alpha will be provided later. For the unstable distribution (sid), this problem has been fixed in version 2.43-1. We recommend that you upgrade your dnsmasq package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4.dsc Size/MD5 checksum: 596 3834461c89e55467b4b65ed4ac209e81 http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35.orig.tar.gz Size/MD5 checksum: 252901 ad1fafeaf3442685cfe16613e0f8b777 http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4.diff.gz Size/MD5 checksum: 19202 4ced7768f49198bd43bbbd24f2a3d3e4 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_amd64.deb Size/MD5 checksum: 188278 8fb55f694db9fdfccaa86d134e937777 arm architecture (ARM) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_arm.deb Size/MD5 checksum: 181746 4caf23f31de937b817e12ade7d132eac hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_hppa.deb Size/MD5 checksum: 190490 66730e785683655b058d11aa70346be4 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_i386.deb Size/MD5 checksum: 184546 1fbdd71e81a1e05d68b0f88eaeb00b10 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_ia64.deb Size/MD5 checksum: 223758 011f283b71ef0f9e07d5a9dce25db505 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_mips.deb Size/MD5 checksum: 189846 5c67cca2eaedc1dff80c5fd05aa1d33f mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_mipsel.deb Size/MD5 checksum: 191824 dfd87d69a7751f1e6ef2d0f1ede052ff powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_powerpc.deb Size/MD5 checksum: 186890 93701abcca5421beddab015a7f35af99 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_s390.deb Size/MD5 checksum: 186396 6f19f6c8d803c3d57e01e73fe1e11886 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_sparc.deb Size/MD5 checksum: 182910 f360078c14f715e90e60124b4ede2be9 These files will probably be moved into the stable distribution on its next update

Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects versions prior to Aruba Mobility Controller 2.5.4.18 and FIPS prior to 2.4.8.6-FIPS. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. Certain input passed to the login pages is not properly sanitised before being returned to the user. SOLUTION: Update to the latest patched firmware version. http://www.arubanetworks.com/support PROVIDED AND/OR DISCOVERED BY: The vendor credits Adair Collins and Steve Palmer of HostsPlus, and Nobuhiro Tsuji of NTT DATA SECURITY. ORIGINAL ADVISORY: http://www.arubanetworks.com/support/alerts/aid-070907b.asc ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------