VARIoT IoT vulnerabilities database
| VAR-200609-0146 | CVE-2006-4650 | Cisco IOS Rogue GRE Vulnerability that bypasses packet access control |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. Cisco IOS Contains source routing information GRE Packet Offset A vulnerability exists where the starting position of the source routing information is not properly calculated when releasing an encapsulated packet due to improper checks on the field.Inappropriate areas of the packet may be referred to as source routing information, and packets released from the device may be forwarded. Cisco IOS is prone to multiple vulnerabilities when decapsulating GRE routing packets.
Specifically, these issues present themselves when the device handles malicious GRE packets with oversized header offset values, and also with malicious GRE packets containing modified source-routing data.
A successful attack can allow an attacker to disclose sensitive information in process memory buffers, bypass security restrictions, deny service to legitimate users, or possibly crash the Cisco IOS operating system.
Cisco IOS 12.0, 12.1, and 12.2 based trains are reported vulnerable. All devices running affected versions of Cisco IOS that are configured with GRE IP or GRE IP multipoint tunnels are vulnerable to this issue. Remote attackers may cause errors in device processing packets. If a specially crafted GRE message is received, the IOS device does not verify whether the offset field points to the message. If the offset value is set to a negative value, the IOS directly subtracts the offset from the integer containing the full length of the IP message. shift, resulting in buffer access out-of-bounds overflow. This may lead to interpreting the rest of the memory contents of the ring buffer as payload IP packets and re-injecting them into the routing queue with large length information: GRE decapsulated IP 0.3.74.0->0.0.1.30 (len =65407, ttl=39) GRE decapsulated IP 176.94.8.0- > 0.0.0.0 (len=64904, ttl=0) GRE decapsulated IP 0.15.31.193- > 176.94.8.0 (len=64894, ttl=237) GRE decapsulated IP 128.42.131.220->128.0.3.74 (len=64884, ttl=128) If the ring buffer can be carefully filled with legitimate traffic containing IP headers at the appropriate offsets, an attacker can create many An IP packet with a large length value.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Cisco IOS GRE Decapsulation Vulnerability
SECUNIA ADVISORY ID:
SA21783
VERIFY ADVISORY:
http://secunia.com/advisories/21783/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Cisco IOS R12.x
http://secunia.com/product/50/
Cisco IOS 12.x
http://secunia.com/product/182/
DESCRIPTION:
FX has reported a vulnerability in Cisco IOS, which can be exploited
by malicious people to bypass certain security restrictions. This can
potentially be exploited to bypass access control lists on the router
by sending specially crafted packets.
NOTE: Cisco IOS version 12.0S, with a revision later than 12.0(23)S,
with CEF enabled is not affected.
SOLUTION:
Apply patch CSCuk27655, CSCea22552, or CSCei62762.
PROVIDED AND/OR DISCOVERED BY:
FX, Phenoelit.
ORIGINAL ADVISORY:
Phenoelit:
http://www.phenoelit.de/stuff/CiscoGRE.txt
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200609-0075 | CVE-2006-4617 | vtiger CRM of fileupload.html Vulnerable to uploading arbitrary files |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder
| VAR-200609-0040 | CVE-2006-4562 | Symantec Gateway Security Security hole |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface
| VAR-200110-0185 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.
Background
==========
The Mozilla Network Security Service is a library implementing security
features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME and X.509 certificates. This impacts any software using the NSS library, like the
Mozilla products Firefox, Thunderbird and Seamonkey. BIND uses RSA
cryptography as part of its DNSSEC implementation. As a result, to
resolve the security issue, these packages need to be upgraded and for
both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to
be generated using the "-e" option of dnssec-keygen, if the current
keys were generated using the default exponent of 3.
You are able to determine if your keys are vulnerable by looking at the
algorithm (1 or 5) and the first three characters of the Base64 encoded
RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN",
"AQO", or "AQP" are vulnerable.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm
4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm
f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm
fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm
f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm
03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm
7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm
594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm
e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Corporate 3.0:
fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm
0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm
99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm
b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm
ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 4.0:
8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm
dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm
daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm
c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm
83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm
dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm
0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm
eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z
6faoicEmIFqGW4QuEVIhCbU=
=bI0u
-----END PGP SIGNATURE-----
.
Any software using OpenSSL to verify X.509 certificates is potentially
vulnerable to this issue, as well as any other use of PKCS #1 v1.5,
including software uses OpenSSL for SSL or TLS. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:
ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4343) The get_server_hello function in the SSLv2 client
code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
earlier versions allows remote servers to cause a denial of service
(client crash) via unknown vectors that trigger a null pointer
dereference. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.
NOTE: ESX by default disables version 1 SSH protocol.
(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~ CVE-2008-1340
- -------------------------------------------------------------------
1.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
~ VMware Player 2.0.2 and earlier
~ VMware Player 1.0.4 and earlier
~ VMware ACE 2.0.2 and earlier
~ VMware ACE 1.0.2 and earlier
~ VMware Server 1.0.4 and earlier
~ VMware Fusion 1.1 and earlier
3. Problem description:
~ a. Host to guest shared folder (HGFS) traversal vulnerability
~ On Windows hosts, if you have configured a VMware host to guest
~ shared folder (HGFS), it is possible for a program running in the
~ guest to gain access to the host's file system and create or modify
~ executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
~ guest shared folders. Because
~ ESX Server is based on a bare-metal hypervisor architecture
~ and not a hosted architecture, and it doesn't include any
~ shared folder abilities. Fusion and Linux based hosted
~ products are unaffected.
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ b. Insecure named pipes
~ An internal security audit determined that a malicious Windows
~ user could attain and exploit LocalSystem privileges by causing
~ the authd process to connect to a named pipe that is opened and
~ controlled by the malicious user.
~ The same internal security audit determined that a malicious
~ Windows user could exploit an insecurely created named pipe
~ object to escalate privileges or create a denial of service
~ attack. In this situation, the malicious user could
~ successfully impersonate authd and attain privileges under
~ which Authd is executing.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~ issues.
~ Windows Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ c. Updated libpng library to version 1.2.22 to address various
~ security vulnerabilities
~ Several flaws were discovered in the way libpng handled various PNG
~ image chunks. An attacker could create a carefully crafted PNG
~ image file in such a way that it could cause an application linked
~ with libpng to crash when the file was manipulated.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-5269 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ d.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the following names to these issues: CVE-2006-2940,
~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ e. VIX API default setting changed to a more secure default value
~ Workstation 6.0.2 allowed anonymous console access to the guest by
~ means of the VIX API. This release, Workstation 6.0.3, disables
~ this feature. This means that the Eclipse Integrated Virtual
~ Debugger and the Visual Studio Integrated Virtual Debugger will now
~ prompt for user account credentials to access a guest.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ f. Windows 2000 based hosted products privilege escalation
~ vulnerability
~ This release addresses a potential privilege escalation on
~ Windows 2000 hosted products. Certain services may be improperly
~ registered and present a security vulnerability to Windows 2000
~ machines.
~ VMware would like to thank Ray Hicken for reporting this issue and
~ David Maciejak for originally pointing out these types of
~ vulnerabilities.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2007-5618 to this issue.
~ Windows versions of Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion and Linux based products are not affected by this
~ issue.
~ g. DHCP denial of service vulnerability
~ A potential denial of service issue affects DHCP service running
~ on the host.
~ VMware would like to thank Martin O'Neal for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1364 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)
~ NOTE: This issue doesn't affect the latest versions of VMware
~ Workstation 6, VMware Player 2, and ACE 2 products.
~ h. Local Privilege Escalation on Windows based platforms by
~ Hijacking VMware VMX configuration file
~ VMware uses a configuration file named "config.ini" which
~ is located in the application data directory of all users.
~ By manipulating this file, a user could gain elevated
~ privileges by hijacking the VMware VMX process.
~ VMware would like to thank Sun Bing for reporting the issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1363 to this issue.
~ Windows based Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ i. Virtual Machine Communication Interface (VMCI) memory corruption
~ resulting in denial of service
~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~ and VMware ACE 2.0. It is an experimental, optional feature and
~ it may be possible to crash the host system by making specially
~ crafted calls to the VMCI interface. This may result in denial
~ of service via memory exhaustion and memory corruption.
~ VMware would like to thank Andrew Honig of the Department of
~ Defense for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1340 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ VMware Workstation 6.0.3
~ ------------------------
~ http://www.vmware.com/download/ws/
~ Release notes:
~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~ Windows binary
~ md5sum: 323f054957066fae07735160b73b91e5
~ RPM Installation file for 32-bit Linux
~ md5sum: c44183ad11082f05593359efd220944e
~ tar Installation file for 32-bit Linux
~ md5sum: 57601f238106cb12c1dea303ad1b4820
~ RPM Installation file for 64-bit Linux
~ md5sum: e9ba644be4e39556724fa2901c5e94e9
~ tar Installation file for 64-bit Linux
~ md5sum: d8d423a76f99a94f598077d41685e9a9
~ VMware Workstation 5.5.5
~ ------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
~ -------------------
~ http://www.vmware.com/download/server/
~ Release notes:
~ http://www.vmware.com/support/server/doc/releasenotes_server.html
~ VMware Server for Windows 32-bit and 64-bit
~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc
~ VMware Server Windows client package
~ md5sum: cb3dd2439203dc510f4d95f06ba59d21
~ VMware Server for Linux
~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e
~ VMware Server for Linux rpm
~ md5sum: fc3b81ed18b53eda943a992971e9f84a
~ Management Interface
~ md5sum: dd10d25895d9994bd27ca896152f48ef
~ VMware Server Linux client package
~ md5sum: aae18f1f7b8811b5499e3a358754d4f8
~ VMware ACE 2.0.3 and 1.0.5
~ --------------------------
~ http://www.vmware.com/download/ace/
~ Windows Release notes:
~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
~ VMware Fusion 1.1.1
~ -------------------
~ http://www.vmware.com/download/fusion/
~ Release notes:
~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0
~ VMware Player 2.0.3 and 1.0.6
~ ----------------------
~ http://www.vmware.com/download/player/
~ Release notes Player 1.x:
~ http://www.vmware.com/support/player/doc/releasenotes_player.html
~ Release notes Player 2.0
~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~ 2.0.3 Windows binary
~ md5sum: 0c5009d3b569687ae139e13d24c868d3
~ VMware Player 2.0.3 for Linux (.rpm)
~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2
~ VMware Player 2.0.3 for Linux (.tar)
~ md5sum: 2305fcff49bef6e4ad83742412eac978
~ VMware Player 2.0.3 - 64-bit (.rpm)
~ md5sum: cf945b571c4d96146ede010286fdfca5
~ VMware Player 2.0.3 - 64-bit (.tar)
~ md5sum: f99c5b293eb87c5f918ad24111565b9f
~ 1.0.6 Windows binary
~ md5sum: 895081406c4de5361a1700ec0473e49c
~ Player 1.0.6 for Linux (.rpm)
~ md5sum: 8adb23799dd2014be0b6d77243c76942
~ Player 1.0.6 for Linux (.tar)
~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00967144
Version: 1
HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL)
VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The following supported software versions are affected:
HP Tru64 UNIX v 5.1B-4 (SSL and BIND)
HP Tru64 UNIX v 5.1B-3 (SSL and BIND)
HP Tru64 UNIX v 5.1A PK6 (BIND)
HP Tru64 UNIX v 4.0G PK4 (BIND)
HP Tru64 UNIX v 4.0F PK8 (BIND)
Internet Express (IX) v 6.6 BIND (BIND)
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)
BACKGROUND
RESOLUTION
HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.
The fixes contained in the ERP kits will be available in the following mainstream releases:
-Targeted for availability in HP Tru64 UNIX v 5.1B-5
-Internet Express (IX) v 6.7
-HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)
HP Tru64 UNIX Version 5.1B-4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321
Name: T64KIT1001167-V51BB27-ES-20070321
MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd
HP Tru64 UNIX Version 5.1B-3 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315
Name: T64KIT1001163-V51BB26-ES-20070315
MD5 Checksum: d376d403176f0dbe7badd4df4e91c126
HP Tru64 UNIX Version 5.1A PK6 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314
Name: T64KIT1001160-V51AB24-ES-20070314
MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7
HP Tru64 UNIX Version 4.0G PK4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316
Name: T64KIT1001166-V40GB22-ES-20070316
MD5 Checksum: a446c39169b769c4a03c654844d5ac45
HP Tru64 UNIX Version 4.0F PK8 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316
Name: DUXKIT1001165-V40FB22-ES-20070316
MD5 Checksum: 718148c87a913536b32a47af4c36b04e
HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360)
Location: http://h30097.www3.hp.com/cma/patches.html
Name: CPQIM360.SSL.01.tar.gz
MD5 Checksum: 1001a10ab642461c87540826dfe28652
Internet Express (IX) v 6.6 BIND
Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.
PRODUCT SPECIFIC INFORMATION
The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:
-OpenSSL 0.9.8d
-BIND 9.2.8 built with OpenSSL 0.9.8d
Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d
Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.
The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.
HISTORY
Version:1 (rev.1) - 12 April 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL, AMD64 x86 emulation base libraries: RSA signature
forgery
Date: September 07, 2006
Bugs: #146375, #146438
ID: 200609-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
OpenSSL fails to properly validate PKCS #1 v1.5 signatures.
Background
==========
OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
Layer Security protocols and a general-purpose cryptography library.
The x86 emulation base libraries for AMD64 contain a vulnerable version
of OpenSSL.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 openssl < 0.9.7k >= 0.9.7k
2 emul-x86-linux-baselibs < 2.5.2 >= 2.5.2
-------------------------------------------------------------------
# Package 2 [app-emulation/emul-x86-linux-baselibs] only applies
to AMD64 users.
NOTE: Any packages listed without architecture tags apply to all
architectures...
-------------------------------------------------------------------
2 affected packages
-------------------------------------------------------------------
Description
===========
Daniel Bleichenbacher discovered that it might be possible to forge
signatures signed by RSA keys with the exponent of 3.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k"
All AMD64 x86 emulation base libraries users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-x86-linux-baselibs-2.5.2"
References
==========
[ 1 ] CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200609-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.
BACKGROUND
RESOLUTION
HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
OpenOffice.org 3 Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38568
VERIFY ADVISORY:
http://secunia.com/advisories/38568/
DESCRIPTION:
Some vulnerabilities have been reported in OpenOffice.org, which can
be exploited by malicious people to bypass certain security
restrictions, conduct spoofing attacks, or compromise a user's
system.
1) The included libxml2 library fails to properly verify signatures.
This is related to:
SA21709
2) An error in the included libxmlsec library can be exploited to
potentially forge a valid signature.
For more information:
SA35854
3) An error in the included MSVC Runtime package can be exploited to
bypass certain security features.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
4) Sebastian Apelt of siberas
5) Frank Rei\xdfner and Sebastian Apelt of siberas
6) Nicolas Joly of Vupen
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.openoffice.org/security/cves/CVE-2009-2493.html
http://www.openoffice.org/security/cves/CVE-2009-2949.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
OTHER REFERENCES:
SA21709:
http://secunia.com/advisories/21709/
SA35854:
http://secunia.com/advisories/35854/
SA35967:
http://secunia.com/advisories/35967/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.6m-1sarge2
This package exists only for compatibility with older software, and is
not present in the unstable or testing branches of Debian.
We recommend that you upgrade your openssl packages. Note that services
linking against the openssl shared libraries will need to be restarted.
Common examples of such services include most Mail Transport Agents, SSH
servers, and web servers.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc
Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz
Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb
Size/MD5 checksum: 1965098 f321c9d2831643d65718730f8ff81f16
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb
Size/MD5 checksum: 578014 b47b9fb2acd8c6e22aac6812c7ad4dda
ARM architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb
Size/MD5 checksum: 518746 29a69a8d997445d4ae2a53c337678cc6
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb
Size/MD5 checksum: 587368 4291ac3835b28ae9acf555ec90242d26
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb
Size/MD5 checksum: 1755640 d9fb8d8383c96d0d4ebe4af8cb5e9a3a
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb
Size/MD5 checksum: 814966 1a366b00181bba9bd04b2312f4ae8f42
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb
Size/MD5 checksum: 476722 2002d9eeb9b36d329855042466c9dfc1
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb
Size/MD5 checksum: 576764 2001e7d3f5d72e0328b8d46f83bb0b4d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb
Size/MD5 checksum: 568756 3b25b7c66ff42626c8f458be9485f9bb
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb
Size/MD5 checksum: 582402 e677ab4fd68d34affff58a9c7d2cd823
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb
Size/MD5 checksum: 602334 674b58c6811c7e60ad2bb53ec7c1bcdc
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb
Size/MD5 checksum: 1458574 d9ab5370d48647780172587e58682297
These files will probably be moved into the stable distribution on
its next update
| VAR-200609-0837 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1174-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
September 11th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : openssl096
Problem-Type : local
Vulnerability : cryptographic weakness
Debian-specific: no
CVE ID : CVE-2006-4339
BugTraq ID : 19849
Debian Bug : 386247
Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package
that could allow an attacker to generate a forged signature that OpenSSL
will accept as valid.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.6m-1sarge2
This package exists only for compatibility with older software, and is
not present in the unstable or testing branches of Debian. Note that services
linking against the openssl shared libraries will need to be restarted.
Common examples of such services include most Mail Transport Agents, SSH
servers, and web servers.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc
Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz
Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb
Size/MD5 checksum: 1965098 f321c9d2831643d65718730f8ff81f16
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb
Size/MD5 checksum: 578014 b47b9fb2acd8c6e22aac6812c7ad4dda
ARM architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb
Size/MD5 checksum: 518746 29a69a8d997445d4ae2a53c337678cc6
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb
Size/MD5 checksum: 587368 4291ac3835b28ae9acf555ec90242d26
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb
Size/MD5 checksum: 1755640 d9fb8d8383c96d0d4ebe4af8cb5e9a3a
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb
Size/MD5 checksum: 814966 1a366b00181bba9bd04b2312f4ae8f42
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb
Size/MD5 checksum: 476722 2002d9eeb9b36d329855042466c9dfc1
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb
Size/MD5 checksum: 576764 2001e7d3f5d72e0328b8d46f83bb0b4d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb
Size/MD5 checksum: 568756 3b25b7c66ff42626c8f458be9485f9bb
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb
Size/MD5 checksum: 582402 e677ab4fd68d34affff58a9c7d2cd823
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb
Size/MD5 checksum: 602334 674b58c6811c7e60ad2bb53ec7c1bcdc
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb
Size/MD5 checksum: 1458574 d9ab5370d48647780172587e58682297
These files will probably be moved into the stable distribution on
its next update. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2007-0001
Synopsis: VMware ESX server security updates
Issue date: 2007-01-08
Updated on: 2007-01-08
CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940
CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2006-4980
- -------------------------------------------------------------------
1. Summary:
Updated ESX Patches address several security issues.
2. Relevant releases:
VMware ESX 3.0.1 without patch ESX-9986131
VMware ESX 3.0.0 without patch ESX-3069097
VMware ESX 2.5.4 prior to upgrade patch 3
VMware ESX 2.5.3 prior to upgrade patch 6
VMware ESX 2.1.3 prior to upgrade patch 4
VMware ESX 2.0.2 prior to upgrade patch 4
3. Problem description:
Problems addressed by these patches:
a. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
b. OpenSSL library vulnerabilities:
ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4343) The get_server_hello function in the SSLv2 client
code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
earlier versions allows remote servers to cause a denial of service
(client crash) via unknown vectors that trigger a null pointer
dereference.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.
c. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.
NOTE: ESX by default disables version 1 SSH protocol.
(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
d. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w.
e. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
4. Solution:
Please review the Patch notes for your version of ESX and verify the md5sum.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6. Contact:
http://www.vmware.com/security
VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html
E-mail: security@vmware.com
Copyright 2007 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE
neFG0RikD74TCYeXKW6CBy4=
=9/6k
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
The following supported software versions are affected:
HP Tru64 UNIX v 5.1B-4 (SSL and BIND)
HP Tru64 UNIX v 5.1B-3 (SSL and BIND)
HP Tru64 UNIX v 5.1A PK6 (BIND)
HP Tru64 UNIX v 4.0G PK4 (BIND)
HP Tru64 UNIX v 4.0F PK8 (BIND)
Internet Express (IX) v 6.6 BIND (BIND)
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)
BACKGROUND
RESOLUTION
HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.
The fixes contained in the ERP kits will be available in the following mainstream releases:
-Targeted for availability in HP Tru64 UNIX v 5.1B-5
-Internet Express (IX) v 6.7
-HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)
HP Tru64 UNIX Version 5.1B-4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321
Name: T64KIT1001167-V51BB27-ES-20070321
MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd
HP Tru64 UNIX Version 5.1B-3 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315
Name: T64KIT1001163-V51BB26-ES-20070315
MD5 Checksum: d376d403176f0dbe7badd4df4e91c126
HP Tru64 UNIX Version 5.1A PK6 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314
Name: T64KIT1001160-V51AB24-ES-20070314
MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7
HP Tru64 UNIX Version 4.0G PK4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316
Name: T64KIT1001166-V40GB22-ES-20070316
MD5 Checksum: a446c39169b769c4a03c654844d5ac45
HP Tru64 UNIX Version 4.0F PK8 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316
Name: DUXKIT1001165-V40FB22-ES-20070316
MD5 Checksum: 718148c87a913536b32a47af4c36b04e
HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360)
Location: http://h30097.www3.hp.com/cma/patches.html
Name: CPQIM360.SSL.01.tar.gz
MD5 Checksum: 1001a10ab642461c87540826dfe28652
Internet Express (IX) v 6.6 BIND
Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.
PRODUCT SPECIFIC INFORMATION
The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:
-OpenSSL 0.9.8d
-BIND 9.2.8 built with OpenSSL 0.9.8d
Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d
Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.
The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.
Background
==========
OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
Layer Security protocols and a general-purpose cryptography library.
The x86 emulation base libraries for AMD64 contain a vulnerable version
of OpenSSL.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 openssl < 0.9.7k >= 0.9.7k
2 emul-x86-linux-baselibs < 2.5.2 >= 2.5.2
-------------------------------------------------------------------
# Package 2 [app-emulation/emul-x86-linux-baselibs] only applies
to AMD64 users.
NOTE: Any packages listed without architecture tags apply to all
architectures...
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k"
All AMD64 x86 emulation base libraries users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-x86-linux-baselibs-2.5.2"
References
==========
[ 1 ] CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200609-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.
HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4
CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8
CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
Kit Name
Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
OpenOffice.org 3 Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38568
VERIFY ADVISORY:
http://secunia.com/advisories/38568/
DESCRIPTION:
Some vulnerabilities have been reported in OpenOffice.org, which can
be exploited by malicious people to bypass certain security
restrictions, conduct spoofing attacks, or compromise a user's
system.
1) The included libxml2 library fails to properly verify signatures.
This is related to:
SA21709
2) An error in the included libxmlsec library can be exploited to
potentially forge a valid signature.
For more information:
SA35854
3) An error in the included MSVC Runtime package can be exploited to
bypass certain security features.
For more information see vulnerability #2 in:
SA35967
4) An error in the processing XPM files can be exploited to
potentially execute arbitrary code.
5) An error in the processing GIF files can be exploited to
potentially execute arbitrary code.
6) An error in the processing of Word documents can be exploited to
potentially execute arbitrary code.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
4) Sebastian Apelt of siberas
5) Frank Rei\xdfner and Sebastian Apelt of siberas
6) Nicolas Joly of Vupen
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.openoffice.org/security/cves/CVE-2009-2493.html
http://www.openoffice.org/security/cves/CVE-2009-2949.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
OTHER REFERENCES:
SA21709:
http://secunia.com/advisories/21709/
SA35854:
http://secunia.com/advisories/35854/
SA35967:
http://secunia.com/advisories/35967/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Release Date: 2006-10-31
Last Updated: 2006-10-31
Potential Security Impact: Remote Unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access.
References: CVE-2006-4339
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy.
BACKGROUND
The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report.
Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
HP-UX B.11.04 Virtualvault A.04.70
===========================
VaultWS.WS-CORE
VaultTS.VV-IWS
VaultTS.VV-CORE-CMN
VaultTGP.TGP-CORE
action: install PHSS_35463, PHSS_35460, PHSS_35481 or subsequent
HP-UX B.11.04 Virtualvault A.04.70 (Apache 2.X)
====================================
VaultWS.WS-CORE
action: install PHSS_35436 or subsequent
HP-UX B.11.04 Virtualvault A.04.60
===========================
VaultWS.WS-CORE
VaultTS.VV-IWS
VaultTS.VV-CORE-CMN
VaultTGP.TGP-CORE
action: install PHSS_35462, PHSS_35459, PHSS_35480 or subsequent
HP-UX B.11.04 Virtualvault A.04.50
===========================
VaultWS.WS-CORE
VaultTS.VV-IWS
VaultTS.VV-IWS-JK
VaultTS.VV-CORE-CMN
action: install PHSS_35461, PHSS_35458 or subsequent
HP-UX B.11.04 HP Webproxy A.02.10 (Apache 2.x)
============================
HP_Webproxy.HPWEB-PX-CORE
action: install PHSS_35437 or subsequent
HP-UX B.11.04 HP Webproxy A.02.10 (Apache 1.x)
============================
HP_Webproxy.HPWEB-PX-CORE
action: install PHSS_35111 or subsequent
HP-UX B.11.04 HP Webproxy A.02.00
============================
HP_Webproxy.HPWEB-PX-CORE
action: install PHSS_35110 or subsequent
END AFFECTED VERSIONS
RESOLUTION
HP is making the following patches available to resolve this issue.
The patches are available for download from http://itrc.hp.com
For B.11.04 HP has made the following patches available:
PHSS_35463 Virtualvault 4.7 OWS (Apache 1.x) update
PHSS_35460 Virtualvault 4.7 IWS update
PHSS_35481 Virtualvault 4.7 TGP update
PHSS_35436 Virtualvault 4.7 OWS (Apache 2.x) update
PHSS_35462 Virtualvault 4.6 OWS update
PHSS_35459 Virtualvault 4.6 IWS update
PHSS_35480 Virtualvault 4.6 TGP update
PHSS_35461 Virtualvault 4.5 OWS update
PHSS_35458 Virtualvault 4.5 IWS update
PHSS_35437 Webproxy server 2.1 (Apache 2.x) update
PHSS_35111 Webproxy server 2.1 (Apache 1.x) update
PHSS_35110 Webproxy server 2.0 update
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
MANUAL ACTIONS: No
HISTORY Version: 1 (rev.1) 31 October 2006 Initial release
Third Party Security Patches: Third Party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services
support channel.
Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com. It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information. To get the security-alert PGP key, please send an
e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&
langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and
continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and
save.
To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
Subscriber's choice for Business: sign-in.
On the web page:
Subscriber's Choice: your profile summary
- use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:
GN = HP General SW,
MA = HP Management Agents,
MI = Misc. 3rd party SW,
MP = HP MPE/iX,
NS = HP NonStop Servers,
OV = HP OpenVMS,
PI = HP Printing & Imaging,
ST = HP Storage SW,
TL = HP Trusted Linux,
TU = HP Tru64 UNIX,
UX = HP-UX,
VV = HP Virtual Vault
System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."
(c)Copyright 2006 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners. OpenSSL Security Advisory [5th September 2006]
RSA Signature Forgery (CVE-2006-4339)
=====================================
Vulnerability
-------------
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.
Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.
Recommendations
---------------
There are multiple ways to avoid this vulnerability. Any one of the
following measures is sufficient. Upgrade the OpenSSL server software.
The vulnerability is resolved in the following versions of OpenSSL:
- in the 0.9.7 branch, version 0.9.7k (or later);
- in the 0.9.8 branch, version 0.9.8c (or later).
OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under http://www.openssl.org/source/mirror.html):
o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.8c.tar.gz
MD5 checksum: 78454bec556bcb4c45129428a766c886
SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d
o openssl-0.9.7k.tar.gz
MD5 checksum: be6bba1d67b26eabb48cf1774925416f
SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2
The checksums were calculated using the following commands:
openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz
2. If this version upgrade is not an option at the present time,
alternatively the following patch may be applied to the OpenSSL
source code to resolve the problem. The patch is compatible with
the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL.
o http://www.openssl.org/news/patch-CVE-2006-4339.txt
Whether you choose to upgrade to a new version or to apply the patch,
make sure to recompile any applications statically linked to OpenSSL
libraries.
Acknowledgements
----------------
The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle
and Ben Laurie, of Google Security, who successfully forged various
certificates, showing OpenSSL was vulnerable, and provided the patch
to fix the problems
| VAR-200609-0995 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. This vulnerability may allow an attacker to forge RSA signatures. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to forge an RSA signature on a PDF document. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.
Any software using OpenSSL to verify X.509 certificates is potentially
vulnerable to this issue, as well as any other use of PKCS #1 v1.5,
including software uses OpenSSL for SSL or TLS.
Updated packages are patched to address this issue.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1174-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
September 11th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : openssl096
Problem-Type : local
Vulnerability : cryptographic weakness
Debian-specific: no
CVE ID : CVE-2006-4339
BugTraq ID : 19849
Debian Bug : 386247
Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package
that could allow an attacker to generate a forged signature that OpenSSL
will accept as valid.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.6m-1sarge2
This package exists only for compatibility with older software, and is
not present in the unstable or testing branches of Debian.
We recommend that you upgrade your openssl packages. Note that services
linking against the openssl shared libraries will need to be restarted.
Common examples of such services include most Mail Transport Agents, SSH
servers, and web servers.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc
Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz
Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb
Size/MD5 checksum: 1965098 f321c9d2831643d65718730f8ff81f16
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb
Size/MD5 checksum: 578014 b47b9fb2acd8c6e22aac6812c7ad4dda
ARM architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb
Size/MD5 checksum: 518746 29a69a8d997445d4ae2a53c337678cc6
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb
Size/MD5 checksum: 587368 4291ac3835b28ae9acf555ec90242d26
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb
Size/MD5 checksum: 1755640 d9fb8d8383c96d0d4ebe4af8cb5e9a3a
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb
Size/MD5 checksum: 814966 1a366b00181bba9bd04b2312f4ae8f42
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb
Size/MD5 checksum: 476722 2002d9eeb9b36d329855042466c9dfc1
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb
Size/MD5 checksum: 576764 2001e7d3f5d72e0328b8d46f83bb0b4d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb
Size/MD5 checksum: 568756 3b25b7c66ff42626c8f458be9485f9bb
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb
Size/MD5 checksum: 582402 e677ab4fd68d34affff58a9c7d2cd823
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb
Size/MD5 checksum: 602334 674b58c6811c7e60ad2bb53ec7c1bcdc
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb
Size/MD5 checksum: 1458574 d9ab5370d48647780172587e58682297
These files will probably be moved into the stable distribution on
its next update. ===========================================================
Ubuntu Security Notice USN-339-1 September 05, 2006
openssl vulnerability
CVE-2006-4339
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libssl0.9.7 0.9.7e-3ubuntu0.3
Ubuntu 5.10:
libssl0.9.7 0.9.7g-1ubuntu1.2
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of
Google Security discovered that the OpenSSL library did not
sufficiently check the padding of PKCS #1 v1.5 signatures if the
exponent of the public key is 3 (which is widely used for CAs). BIND uses RSA
cryptography as part of its DNSSEC implementation. As a result, to
resolve the security issue, these packages need to be upgraded and for
both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to
be generated using the "-e" option of dnssec-keygen, if the current
keys were generated using the default exponent of 3.
You are able to determine if your keys are vulnerable by looking at the
algorithm (1 or 5) and the first three characters of the Base64 encoded
RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN",
"AQO", or "AQP" are vulnerable.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm
4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm
f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm
fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm
f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm
03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm
7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm
594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm
e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Corporate 3.0:
fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm
0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm
99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm
b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm
ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 4.0:
8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm
dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm
daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm
c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm
83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm
dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm
0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm
eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z
6faoicEmIFqGW4QuEVIhCbU=
=bI0u
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00849540
Version: 1
HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-01-17
Last Updated: 2007-01-23
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01
BACKGROUND
AFFECTED VERSIONS
For IPv4:
HP-UX B.11.00
HP-UX B.11.11
===========
hpuxwsAPACHE
action: install revision A.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
For IPv6:
HP-UX B.11.11
===========
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.23
===========
hpuxwsAPACHE
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
END AFFECTED VERSIONS
RESOLUTION
HP has made the following software updates available to resolve the issue.
Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.
Apache Update Procedure
Check for Apache Installation
-----------------------------
To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.
For example, the results of the command swlist -l product | grep -I apache
hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server
Stop Apache
-------------
Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time.
After determining which Apache is installed, stop Apache with the following commands:
for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop
Download and Install Apache
--------------------------
Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value specified on the installation web page.
Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.
Removing Apache Installation
---------------------------
The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables.
%ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf
MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.
For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
HISTORY: rev.1 - 23 January 2007 Initial Release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I
otH/juFiPayhwdxQwX1pZwdm
=e4BA
-----END PGP SIGNATURE-----
.
HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.
BACKGROUND
RESOLUTION
HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
OpenOffice.org 3 Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38568
VERIFY ADVISORY:
http://secunia.com/advisories/38568/
DESCRIPTION:
Some vulnerabilities have been reported in OpenOffice.org, which can
be exploited by malicious people to bypass certain security
restrictions, conduct spoofing attacks, or compromise a user's
system.
This is related to:
SA21709
2) An error in the included libxmlsec library can be exploited to
potentially forge a valid signature.
For more information:
SA35854
3) An error in the included MSVC Runtime package can be exploited to
bypass certain security features.
SOLUTION:
Update to version 3.2.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
4) Sebastian Apelt of siberas
5) Frank Rei\xdfner and Sebastian Apelt of siberas
6) Nicolas Joly of Vupen
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.openoffice.org/security/cves/CVE-2009-2493.html
http://www.openoffice.org/security/cves/CVE-2009-2949.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
OTHER REFERENCES:
SA21709:
http://secunia.com/advisories/21709/
SA35854:
http://secunia.com/advisories/35854/
SA35967:
http://secunia.com/advisories/35967/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy.
BACKGROUND
The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report.
Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
The following supported software versions are affected:
HP Tru64 UNIX v 5.1B-4 (SSL and BIND)
HP Tru64 UNIX v 5.1B-3 (SSL and BIND)
HP Tru64 UNIX v 5.1A PK6 (BIND)
HP Tru64 UNIX v 4.0G PK4 (BIND)
HP Tru64 UNIX v 4.0F PK8 (BIND)
Internet Express (IX) v 6.6 BIND (BIND)
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)
BACKGROUND
RESOLUTION
HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.
The fixes contained in the ERP kits will be available in the following mainstream releases:
-Targeted for availability in HP Tru64 UNIX v 5.1B-5
-Internet Express (IX) v 6.7
-HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)
HP Tru64 UNIX Version 5.1B-4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321
Name: T64KIT1001167-V51BB27-ES-20070321
MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd
HP Tru64 UNIX Version 5.1B-3 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315
Name: T64KIT1001163-V51BB26-ES-20070315
MD5 Checksum: d376d403176f0dbe7badd4df4e91c126
HP Tru64 UNIX Version 5.1A PK6 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314
Name: T64KIT1001160-V51AB24-ES-20070314
MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7
HP Tru64 UNIX Version 4.0G PK4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316
Name: T64KIT1001166-V40GB22-ES-20070316
MD5 Checksum: a446c39169b769c4a03c654844d5ac45
HP Tru64 UNIX Version 4.0F PK8 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316
Name: DUXKIT1001165-V40FB22-ES-20070316
MD5 Checksum: 718148c87a913536b32a47af4c36b04e
HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360)
Location: http://h30097.www3.hp.com/cma/patches.html
Name: CPQIM360.SSL.01.tar.gz
MD5 Checksum: 1001a10ab642461c87540826dfe28652
Internet Express (IX) v 6.6 BIND
Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.
PRODUCT SPECIFIC INFORMATION
The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:
-OpenSSL 0.9.8d
-BIND 9.2.8 built with OpenSSL 0.9.8d
Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d
Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.
The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4
| VAR-200609-1118 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1173-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
September 10th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : openssl
Problem-Type : local
Vulnerability : Cryptographic weakness
Debian-specific: no
CVE ID : CVE-2006-4339
BugTraq ID : 19849
Debian Bug : 386247
Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package
that could allow an attacker to generate a forged signature that OpenSSL
will accept as valid.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.7e-3sarge2
For the unstable distribution (sid) this problem has been fixed in
version 0.9.8b-3
We recommend that you upgrade your openssl packages. Note that services
linking against the openssl shared libraries will need to be restarted.
Common examples of such services include most Mail Transport Agents, SSH
servers, and web servers.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc
Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz
Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb
Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb
Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb
Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb
Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb
Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb
Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798
ARM architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb
Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb
Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb
Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb
Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb
Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb
Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb
Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb
Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb
Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb
Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb
Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb
Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb
Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb
Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb
Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb
Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb
Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb
Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb
Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb
Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb
Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb
Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb
Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb
Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb
Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb
Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb
Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb
Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb
Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb
Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFBAPBXm3vHE4uyloRAi3GAKDGgqkwyRLRWlGMVZCCaUAqoW/GZwCePsIu
B9S76g6dsDiigQZAK709Qmk=
=lxOo
-----END PGP SIGNATURE-----
| VAR-200609-1252 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to forge an RSA signature on a PDF document. This vulnerability may allow an attacker to forge RSA signatures. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1174-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
September 11th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : openssl096
Problem-Type : local
Vulnerability : cryptographic weakness
Debian-specific: no
CVE ID : CVE-2006-4339
BugTraq ID : 19849
Debian Bug : 386247
Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package
that could allow an attacker to generate a forged signature that OpenSSL
will accept as valid.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.6m-1sarge2
This package exists only for compatibility with older software, and is
not present in the unstable or testing branches of Debian.
We recommend that you upgrade your openssl packages. Note that services
linking against the openssl shared libraries will need to be restarted.
Common examples of such services include most Mail Transport Agents, SSH
servers, and web servers.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc
Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz
Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb
Size/MD5 checksum: 1965098 f321c9d2831643d65718730f8ff81f16
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb
Size/MD5 checksum: 578014 b47b9fb2acd8c6e22aac6812c7ad4dda
ARM architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb
Size/MD5 checksum: 518746 29a69a8d997445d4ae2a53c337678cc6
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb
Size/MD5 checksum: 587368 4291ac3835b28ae9acf555ec90242d26
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb
Size/MD5 checksum: 1755640 d9fb8d8383c96d0d4ebe4af8cb5e9a3a
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb
Size/MD5 checksum: 814966 1a366b00181bba9bd04b2312f4ae8f42
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb
Size/MD5 checksum: 476722 2002d9eeb9b36d329855042466c9dfc1
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb
Size/MD5 checksum: 576764 2001e7d3f5d72e0328b8d46f83bb0b4d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb
Size/MD5 checksum: 568756 3b25b7c66ff42626c8f458be9485f9bb
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb
Size/MD5 checksum: 582402 e677ab4fd68d34affff58a9c7d2cd823
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb
Size/MD5 checksum: 602334 674b58c6811c7e60ad2bb53ec7c1bcdc
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb
Size/MD5 checksum: 1458574 d9ab5370d48647780172587e58682297
These files will probably be moved into the stable distribution on
its next update. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:
ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4343) The get_server_hello function in the SSLv2 client
code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
earlier versions allows remote servers to cause a denial of service
(client crash) via unknown vectors that trigger a null pointer
dereference. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.
NOTE: ESX by default disables version 1 SSH protocol.
(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ===========================================================
Ubuntu Security Notice USN-339-1 September 05, 2006
openssl vulnerability
CVE-2006-4339
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libssl0.9.7 0.9.7e-3ubuntu0.3
Ubuntu 5.10:
libssl0.9.7 0.9.7g-1ubuntu1.2
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of
Google Security discovered that the OpenSSL library did not
sufficiently check the padding of PKCS #1 v1.5 signatures if the
exponent of the public key is 3 (which is widely used for CAs). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00849540
Version: 1
HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-01-17
Last Updated: 2007-01-23
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01
BACKGROUND
AFFECTED VERSIONS
For IPv4:
HP-UX B.11.00
HP-UX B.11.11
===========
hpuxwsAPACHE
action: install revision A.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
For IPv6:
HP-UX B.11.11
===========
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.23
===========
hpuxwsAPACHE
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
END AFFECTED VERSIONS
RESOLUTION
HP has made the following software updates available to resolve the issue.
Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.
Apache Update Procedure
Check for Apache Installation
-----------------------------
To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.
For example, the results of the command swlist -l product | grep -I apache
hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server
Stop Apache
-------------
Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time.
After determining which Apache is installed, stop Apache with the following commands:
for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop
Download and Install Apache
--------------------------
Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value specified on the installation web page.
Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.
Removing Apache Installation
---------------------------
The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables.
%ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf
MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.
For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
HISTORY: rev.1 - 23 January 2007 Initial Release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL, AMD64 x86 emulation base libraries: RSA signature
forgery
Date: September 07, 2006
Bugs: #146375, #146438
ID: 200609-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
OpenSSL fails to properly validate PKCS #1 v1.5 signatures.
Background
==========
OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
Layer Security protocols and a general-purpose cryptography library.
The x86 emulation base libraries for AMD64 contain a vulnerable version
of OpenSSL.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 openssl < 0.9.7k >= 0.9.7k
2 emul-x86-linux-baselibs < 2.5.2 >= 2.5.2
-------------------------------------------------------------------
# Package 2 [app-emulation/emul-x86-linux-baselibs] only applies
to AMD64 users.
NOTE: Any packages listed without architecture tags apply to all
architectures...
-------------------------------------------------------------------
2 affected packages
-------------------------------------------------------------------
Description
===========
Daniel Bleichenbacher discovered that it might be possible to forge
signatures signed by RSA keys with the exponent of 3.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k"
All AMD64 x86 emulation base libraries users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-x86-linux-baselibs-2.5.2"
References
==========
[ 1 ] CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200609-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4
CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8
CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
Kit Name
Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers.
HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy.
BACKGROUND
The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report.
Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~ CVE-2008-1340
- -------------------------------------------------------------------
1.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
~ VMware Player 2.0.2 and earlier
~ VMware Player 1.0.4 and earlier
~ VMware ACE 2.0.2 and earlier
~ VMware ACE 1.0.2 and earlier
~ VMware Server 1.0.4 and earlier
~ VMware Fusion 1.1 and earlier
3. Problem description:
~ a. Host to guest shared folder (HGFS) traversal vulnerability
~ On Windows hosts, if you have configured a VMware host to guest
~ shared folder (HGFS), it is possible for a program running in the
~ guest to gain access to the host's file system and create or modify
~ executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
~ guest shared folders. Because
~ ESX Server is based on a bare-metal hypervisor architecture
~ and not a hosted architecture, and it doesn't include any
~ shared folder abilities. Fusion and Linux based hosted
~ products are unaffected.
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ b. Insecure named pipes
~ An internal security audit determined that a malicious Windows
~ user could attain and exploit LocalSystem privileges by causing
~ the authd process to connect to a named pipe that is opened and
~ controlled by the malicious user.
~ The same internal security audit determined that a malicious
~ Windows user could exploit an insecurely created named pipe
~ object to escalate privileges or create a denial of service
~ attack. In this situation, the malicious user could
~ successfully impersonate authd and attain privileges under
~ which Authd is executing.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~ issues.
~ Windows Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ c. Updated libpng library to version 1.2.22 to address various
~ security vulnerabilities
~ Several flaws were discovered in the way libpng handled various PNG
~ image chunks. An attacker could create a carefully crafted PNG
~ image file in such a way that it could cause an application linked
~ with libpng to crash when the file was manipulated.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-5269 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ d.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the following names to these issues: CVE-2006-2940,
~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ e. VIX API default setting changed to a more secure default value
~ Workstation 6.0.2 allowed anonymous console access to the guest by
~ means of the VIX API. This release, Workstation 6.0.3, disables
~ this feature. This means that the Eclipse Integrated Virtual
~ Debugger and the Visual Studio Integrated Virtual Debugger will now
~ prompt for user account credentials to access a guest.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ f. Windows 2000 based hosted products privilege escalation
~ vulnerability
~ This release addresses a potential privilege escalation on
~ Windows 2000 hosted products. Certain services may be improperly
~ registered and present a security vulnerability to Windows 2000
~ machines.
~ VMware would like to thank Ray Hicken for reporting this issue and
~ David Maciejak for originally pointing out these types of
~ vulnerabilities.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2007-5618 to this issue.
~ Windows versions of Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion and Linux based products are not affected by this
~ issue.
~ g. DHCP denial of service vulnerability
~ A potential denial of service issue affects DHCP service running
~ on the host.
~ VMware would like to thank Martin O'Neal for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1364 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)
~ NOTE: This issue doesn't affect the latest versions of VMware
~ Workstation 6, VMware Player 2, and ACE 2 products.
~ h. Local Privilege Escalation on Windows based platforms by
~ Hijacking VMware VMX configuration file
~ VMware uses a configuration file named "config.ini" which
~ is located in the application data directory of all users.
~ By manipulating this file, a user could gain elevated
~ privileges by hijacking the VMware VMX process.
~ VMware would like to thank Sun Bing for reporting the issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1363 to this issue.
~ Windows based Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ i. Virtual Machine Communication Interface (VMCI) memory corruption
~ resulting in denial of service
~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~ and VMware ACE 2.0. It is an experimental, optional feature and
~ it may be possible to crash the host system by making specially
~ crafted calls to the VMCI interface. This may result in denial
~ of service via memory exhaustion and memory corruption.
~ VMware would like to thank Andrew Honig of the Department of
~ Defense for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1340 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ VMware Workstation 6.0.3
~ ------------------------
~ http://www.vmware.com/download/ws/
~ Release notes:
~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~ Windows binary
~ md5sum: 323f054957066fae07735160b73b91e5
~ RPM Installation file for 32-bit Linux
~ md5sum: c44183ad11082f05593359efd220944e
~ tar Installation file for 32-bit Linux
~ md5sum: 57601f238106cb12c1dea303ad1b4820
~ RPM Installation file for 64-bit Linux
~ md5sum: e9ba644be4e39556724fa2901c5e94e9
~ tar Installation file for 64-bit Linux
~ md5sum: d8d423a76f99a94f598077d41685e9a9
~ VMware Workstation 5.5.5
~ ------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
~ -------------------
~ http://www.vmware.com/download/server/
~ Release notes:
~ http://www.vmware.com/support/server/doc/releasenotes_server.html
~ VMware Server for Windows 32-bit and 64-bit
~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc
~ VMware Server Windows client package
~ md5sum: cb3dd2439203dc510f4d95f06ba59d21
~ VMware Server for Linux
~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e
~ VMware Server for Linux rpm
~ md5sum: fc3b81ed18b53eda943a992971e9f84a
~ Management Interface
~ md5sum: dd10d25895d9994bd27ca896152f48ef
~ VMware Server Linux client package
~ md5sum: aae18f1f7b8811b5499e3a358754d4f8
~ VMware ACE 2.0.3 and 1.0.5
~ --------------------------
~ http://www.vmware.com/download/ace/
~ Windows Release notes:
~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
~ VMware Fusion 1.1.1
~ -------------------
~ http://www.vmware.com/download/fusion/
~ Release notes:
~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0
~ VMware Player 2.0.3 and 1.0.6
~ ----------------------
~ http://www.vmware.com/download/player/
~ Release notes Player 1.x:
~ http://www.vmware.com/support/player/doc/releasenotes_player.html
~ Release notes Player 2.0
~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~ 2.0.3 Windows binary
~ md5sum: 0c5009d3b569687ae139e13d24c868d3
~ VMware Player 2.0.3 for Linux (.rpm)
~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2
~ VMware Player 2.0.3 for Linux (.tar)
~ md5sum: 2305fcff49bef6e4ad83742412eac978
~ VMware Player 2.0.3 - 64-bit (.rpm)
~ md5sum: cf945b571c4d96146ede010286fdfca5
~ VMware Player 2.0.3 - 64-bit (.tar)
~ md5sum: f99c5b293eb87c5f918ad24111565b9f
~ 1.0.6 Windows binary
~ md5sum: 895081406c4de5361a1700ec0473e49c
~ Player 1.0.6 for Linux (.rpm)
~ md5sum: 8adb23799dd2014be0b6d77243c76942
~ Player 1.0.6 for Linux (.tar)
~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
| VAR-200609-1512 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.
Background
==========
The Mozilla Network Security Service is a library implementing security
features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME and X.509 certificates. This impacts any software using the NSS library, like the
Mozilla products Firefox, Thunderbird and Seamonkey. BIND uses RSA
cryptography as part of its DNSSEC implementation. As a result, to
resolve the security issue, these packages need to be upgraded and for
both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to
be generated using the "-e" option of dnssec-keygen, if the current
keys were generated using the default exponent of 3.
You are able to determine if your keys are vulnerable by looking at the
algorithm (1 or 5) and the first three characters of the Base64 encoded
RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN",
"AQO", or "AQP" are vulnerable.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm
4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm
f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm
fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm
f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm
03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm
7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm
594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm
e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Corporate 3.0:
fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm
0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm
99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm
b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm
ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 4.0:
8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm
dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm
daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm
c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm
83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm
dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm
0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm
eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z
6faoicEmIFqGW4QuEVIhCbU=
=bI0u
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2007-0001
Synopsis: VMware ESX server security updates
Issue date: 2007-01-08
Updated on: 2007-01-08
CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940
CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2006-4980
- -------------------------------------------------------------------
1. Summary:
Updated ESX Patches address several security issues.
2. Relevant releases:
VMware ESX 3.0.1 without patch ESX-9986131
VMware ESX 3.0.0 without patch ESX-3069097
VMware ESX 2.5.4 prior to upgrade patch 3
VMware ESX 2.5.3 prior to upgrade patch 6
VMware ESX 2.1.3 prior to upgrade patch 4
VMware ESX 2.0.2 prior to upgrade patch 4
3. Problem description:
Problems addressed by these patches:
a. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
b. OpenSSL library vulnerabilities:
ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4343) The get_server_hello function in the SSLv2 client
code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
earlier versions allows remote servers to cause a denial of service
(client crash) via unknown vectors that trigger a null pointer
dereference.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.
c. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.
NOTE: ESX by default disables version 1 SSH protocol.
(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
d. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w.
e. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
4. Solution:
Please review the Patch notes for your version of ESX and verify the md5sum.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6. Contact:
http://www.vmware.com/security
VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html
E-mail: security@vmware.com
Copyright 2007 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE
neFG0RikD74TCYeXKW6CBy4=
=9/6k
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. OpenSSL Security Advisory [5th September 2006]
RSA Signature Forgery (CVE-2006-4339)
=====================================
Vulnerability
-------------
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.
Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.
Recommendations
---------------
There are multiple ways to avoid this vulnerability. Any one of the
following measures is sufficient. Upgrade the OpenSSL server software.
The vulnerability is resolved in the following versions of OpenSSL:
- in the 0.9.7 branch, version 0.9.7k (or later);
- in the 0.9.8 branch, version 0.9.8c (or later).
OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under http://www.openssl.org/source/mirror.html):
o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.8c.tar.gz
MD5 checksum: 78454bec556bcb4c45129428a766c886
SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d
o openssl-0.9.7k.tar.gz
MD5 checksum: be6bba1d67b26eabb48cf1774925416f
SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2
The checksums were calculated using the following commands:
openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz
2. If this version upgrade is not an option at the present time,
alternatively the following patch may be applied to the OpenSSL
source code to resolve the problem. The patch is compatible with
the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL.
o http://www.openssl.org/news/patch-CVE-2006-4339.txt
Whether you choose to upgrade to a new version or to apply the patch,
make sure to recompile any applications statically linked to OpenSSL
libraries.
Acknowledgements
----------------
The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle
and Ben Laurie, of Google Security, who successfully forged various
certificates, showing OpenSSL was vulnerable, and provided the patch
to fix the problems. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00967144
Version: 1
HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL)
VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The following supported software versions are affected:
HP Tru64 UNIX v 5.1B-4 (SSL and BIND)
HP Tru64 UNIX v 5.1B-3 (SSL and BIND)
HP Tru64 UNIX v 5.1A PK6 (BIND)
HP Tru64 UNIX v 4.0G PK4 (BIND)
HP Tru64 UNIX v 4.0F PK8 (BIND)
Internet Express (IX) v 6.6 BIND (BIND)
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)
BACKGROUND
RESOLUTION
HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.
The fixes contained in the ERP kits will be available in the following mainstream releases:
-Targeted for availability in HP Tru64 UNIX v 5.1B-5
-Internet Express (IX) v 6.7
-HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)
HP Tru64 UNIX Version 5.1B-4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321
Name: T64KIT1001167-V51BB27-ES-20070321
MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd
HP Tru64 UNIX Version 5.1B-3 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315
Name: T64KIT1001163-V51BB26-ES-20070315
MD5 Checksum: d376d403176f0dbe7badd4df4e91c126
HP Tru64 UNIX Version 5.1A PK6 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314
Name: T64KIT1001160-V51AB24-ES-20070314
MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7
HP Tru64 UNIX Version 4.0G PK4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316
Name: T64KIT1001166-V40GB22-ES-20070316
MD5 Checksum: a446c39169b769c4a03c654844d5ac45
HP Tru64 UNIX Version 4.0F PK8 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316
Name: DUXKIT1001165-V40FB22-ES-20070316
MD5 Checksum: 718148c87a913536b32a47af4c36b04e
HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360)
Location: http://h30097.www3.hp.com/cma/patches.html
Name: CPQIM360.SSL.01.tar.gz
MD5 Checksum: 1001a10ab642461c87540826dfe28652
Internet Express (IX) v 6.6 BIND
Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.
PRODUCT SPECIFIC INFORMATION
The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:
-OpenSSL 0.9.8d
-BIND 9.2.8 built with OpenSSL 0.9.8d
Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d
Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.
The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.
HISTORY
Version:1 (rev.1) - 12 April 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenOffice, LibreOffice: Multiple vulnerabilities
Date: August 31, 2014
Bugs: #283370, #305195, #320491, #332321, #352864, #386081,
#409509, #429482, #514886
ID: 201408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenOffice and LibreOffice,
the worst of which may result in execution of arbitrary code.
Background
==========
OpenOffice is the open source version of StarOffice, a full office
productivity suite. LibreOffice is a fork of OpenOffice.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-office/openoffice-bin
< 3.5.5.3 >= 3.5.5.3
2 app-office/openoffice <= 3.5.5.3 Vulnerable!
3 app-office/libreoffice < 4.2.5.2 >= 4.2.5.2
4 app-office/libreoffice-bin
< 4.2.5.2 >= 4.2.5.2
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
4 affected packages
Description
===========
Multiple vulnerabilities have been discovered in OpenOffice and
Libreoffice. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenOffice (binary) users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-office/openoffice-bin-3.5.5.3"
All LibreOffice users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"=
All LibreOffice (binary) users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.2.5.2"
We recommend that users unmerge OpenOffice:
# emerge --unmerge "app-office/openoffice"
References
==========
[ 1 ] CVE-2006-4339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339
[ 2 ] CVE-2009-0200
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200
[ 3 ] CVE-2009-0201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201
[ 4 ] CVE-2009-0217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217
[ 5 ] CVE-2009-2949
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949
[ 6 ] CVE-2009-2950
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950
[ 7 ] CVE-2009-3301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301
[ 8 ] CVE-2009-3302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302
[ 9 ] CVE-2010-0395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395
[ 10 ] CVE-2010-2935
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935
[ 11 ] CVE-2010-2936
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936
[ 12 ] CVE-2010-3450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450
[ 13 ] CVE-2010-3451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451
[ 14 ] CVE-2010-3452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452
[ 15 ] CVE-2010-3453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453
[ 16 ] CVE-2010-3454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454
[ 17 ] CVE-2010-3689
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689
[ 18 ] CVE-2010-4253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253
[ 19 ] CVE-2010-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643
[ 20 ] CVE-2011-2713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713
[ 21 ] CVE-2012-0037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037
[ 22 ] CVE-2012-1149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149
[ 23 ] CVE-2012-2149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149
[ 24 ] CVE-2012-2334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334
[ 25 ] CVE-2012-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665
[ 26 ] CVE-2014-0247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-19.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-200110-0402 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. RSA The signature is used to prove that the message origin can be trusted. RSA There is a vulnerability in multiple software that implements that the signature is not verified correctly. For example, SSH , SSL , PGP , X.509 May affect the software.By a remote third party RSA The signature may be forged. This may prevent the validity of the signed message. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. This vulnerability may allow an attacker to forge RSA signatures. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. BIND uses RSA
cryptography as part of its DNSSEC implementation. As a result, to
resolve the security issue, these packages need to be upgraded and for
both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to
be generated using the "-e" option of dnssec-keygen, if the current
keys were generated using the default exponent of 3.
You are able to determine if your keys are vulnerable by looking at the
algorithm (1 or 5) and the first three characters of the Base64 encoded
RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN",
"AQO", or "AQP" are vulnerable.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm
4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm
f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm
fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm
f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm
4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm
03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm
7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm
594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm
e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm
8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Corporate 3.0:
fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm
0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm
99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm
b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm
ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm
2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 4.0:
8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm
dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm
daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm
c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm
83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm
ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm
dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm
0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm
eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z
6faoicEmIFqGW4QuEVIhCbU=
=bI0u
-----END PGP SIGNATURE-----
.
Any software using OpenSSL to verify X.509 certificates is potentially
vulnerable to this issue, as well as any other use of PKCS #1 v1.5,
including software uses OpenSSL for SSL or TLS. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:
ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4343) The get_server_hello function in the SSLv2 client
code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
earlier versions allows remote servers to cause a denial of service
(client crash) via unknown vectors that trigger a null pointer
dereference. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.
NOTE: ESX by default disables version 1 SSH protocol.
(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~ CVE-2008-1340
- -------------------------------------------------------------------
1.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
~ VMware Player 2.0.2 and earlier
~ VMware Player 1.0.4 and earlier
~ VMware ACE 2.0.2 and earlier
~ VMware ACE 1.0.2 and earlier
~ VMware Server 1.0.4 and earlier
~ VMware Fusion 1.1 and earlier
3. Problem description:
~ a. Host to guest shared folder (HGFS) traversal vulnerability
~ On Windows hosts, if you have configured a VMware host to guest
~ shared folder (HGFS), it is possible for a program running in the
~ guest to gain access to the host's file system and create or modify
~ executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
~ guest shared folders. Because
~ ESX Server is based on a bare-metal hypervisor architecture
~ and not a hosted architecture, and it doesn't include any
~ shared folder abilities. Fusion and Linux based hosted
~ products are unaffected.
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ b. Insecure named pipes
~ An internal security audit determined that a malicious Windows
~ user could attain and exploit LocalSystem privileges by causing
~ the authd process to connect to a named pipe that is opened and
~ controlled by the malicious user.
~ The same internal security audit determined that a malicious
~ Windows user could exploit an insecurely created named pipe
~ object to escalate privileges or create a denial of service
~ attack. In this situation, the malicious user could
~ successfully impersonate authd and attain privileges under
~ which Authd is executing.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~ issues.
~ Windows Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ c. Updated libpng library to version 1.2.22 to address various
~ security vulnerabilities
~ Several flaws were discovered in the way libpng handled various PNG
~ image chunks. An attacker could create a carefully crafted PNG
~ image file in such a way that it could cause an application linked
~ with libpng to crash when the file was manipulated.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-5269 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ d.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the following names to these issues: CVE-2006-2940,
~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ e. VIX API default setting changed to a more secure default value
~ Workstation 6.0.2 allowed anonymous console access to the guest by
~ means of the VIX API. This release, Workstation 6.0.3, disables
~ this feature. This means that the Eclipse Integrated Virtual
~ Debugger and the Visual Studio Integrated Virtual Debugger will now
~ prompt for user account credentials to access a guest.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ f. Windows 2000 based hosted products privilege escalation
~ vulnerability
~ This release addresses a potential privilege escalation on
~ Windows 2000 hosted products. Certain services may be improperly
~ registered and present a security vulnerability to Windows 2000
~ machines.
~ VMware would like to thank Ray Hicken for reporting this issue and
~ David Maciejak for originally pointing out these types of
~ vulnerabilities.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2007-5618 to this issue.
~ Windows versions of Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion and Linux based products are not affected by this
~ issue.
~ g. DHCP denial of service vulnerability
~ A potential denial of service issue affects DHCP service running
~ on the host.
~ VMware would like to thank Martin O'Neal for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1364 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)
~ NOTE: This issue doesn't affect the latest versions of VMware
~ Workstation 6, VMware Player 2, and ACE 2 products.
~ h. Local Privilege Escalation on Windows based platforms by
~ Hijacking VMware VMX configuration file
~ VMware uses a configuration file named "config.ini" which
~ is located in the application data directory of all users.
~ By manipulating this file, a user could gain elevated
~ privileges by hijacking the VMware VMX process.
~ VMware would like to thank Sun Bing for reporting the issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1363 to this issue.
~ Windows based Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ i. Virtual Machine Communication Interface (VMCI) memory corruption
~ resulting in denial of service
~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~ and VMware ACE 2.0. It is an experimental, optional feature and
~ it may be possible to crash the host system by making specially
~ crafted calls to the VMCI interface. This may result in denial
~ of service via memory exhaustion and memory corruption.
~ VMware would like to thank Andrew Honig of the Department of
~ Defense for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1340 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ VMware Workstation 6.0.3
~ ------------------------
~ http://www.vmware.com/download/ws/
~ Release notes:
~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~ Windows binary
~ md5sum: 323f054957066fae07735160b73b91e5
~ RPM Installation file for 32-bit Linux
~ md5sum: c44183ad11082f05593359efd220944e
~ tar Installation file for 32-bit Linux
~ md5sum: 57601f238106cb12c1dea303ad1b4820
~ RPM Installation file for 64-bit Linux
~ md5sum: e9ba644be4e39556724fa2901c5e94e9
~ tar Installation file for 64-bit Linux
~ md5sum: d8d423a76f99a94f598077d41685e9a9
~ VMware Workstation 5.5.5
~ ------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
~ -------------------
~ http://www.vmware.com/download/server/
~ Release notes:
~ http://www.vmware.com/support/server/doc/releasenotes_server.html
~ VMware Server for Windows 32-bit and 64-bit
~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc
~ VMware Server Windows client package
~ md5sum: cb3dd2439203dc510f4d95f06ba59d21
~ VMware Server for Linux
~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e
~ VMware Server for Linux rpm
~ md5sum: fc3b81ed18b53eda943a992971e9f84a
~ Management Interface
~ md5sum: dd10d25895d9994bd27ca896152f48ef
~ VMware Server Linux client package
~ md5sum: aae18f1f7b8811b5499e3a358754d4f8
~ VMware ACE 2.0.3 and 1.0.5
~ --------------------------
~ http://www.vmware.com/download/ace/
~ Windows Release notes:
~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
~ VMware Fusion 1.1.1
~ -------------------
~ http://www.vmware.com/download/fusion/
~ Release notes:
~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0
~ VMware Player 2.0.3 and 1.0.6
~ ----------------------
~ http://www.vmware.com/download/player/
~ Release notes Player 1.x:
~ http://www.vmware.com/support/player/doc/releasenotes_player.html
~ Release notes Player 2.0
~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~ 2.0.3 Windows binary
~ md5sum: 0c5009d3b569687ae139e13d24c868d3
~ VMware Player 2.0.3 for Linux (.rpm)
~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2
~ VMware Player 2.0.3 for Linux (.tar)
~ md5sum: 2305fcff49bef6e4ad83742412eac978
~ VMware Player 2.0.3 - 64-bit (.rpm)
~ md5sum: cf945b571c4d96146ede010286fdfca5
~ VMware Player 2.0.3 - 64-bit (.tar)
~ md5sum: f99c5b293eb87c5f918ad24111565b9f
~ 1.0.6 Windows binary
~ md5sum: 895081406c4de5361a1700ec0473e49c
~ Player 1.0.6 for Linux (.rpm)
~ md5sum: 8adb23799dd2014be0b6d77243c76942
~ Player 1.0.6 for Linux (.tar)
~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenOffice, LibreOffice: Multiple vulnerabilities
Date: August 31, 2014
Bugs: #283370, #305195, #320491, #332321, #352864, #386081,
#409509, #429482, #514886
ID: 201408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenOffice and LibreOffice,
the worst of which may result in execution of arbitrary code.
Background
==========
OpenOffice is the open source version of StarOffice, a full office
productivity suite. LibreOffice is a fork of OpenOffice. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
4 affected packages
Description
===========
Multiple vulnerabilities have been discovered in OpenOffice and
Libreoffice. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenOffice (binary) users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-office/openoffice-bin-3.5.5.3"
All LibreOffice users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"=
All LibreOffice (binary) users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.2.5.2"
We recommend that users unmerge OpenOffice:
# emerge --unmerge "app-office/openoffice"
References
==========
[ 1 ] CVE-2006-4339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339
[ 2 ] CVE-2009-0200
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200
[ 3 ] CVE-2009-0201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201
[ 4 ] CVE-2009-0217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217
[ 5 ] CVE-2009-2949
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949
[ 6 ] CVE-2009-2950
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950
[ 7 ] CVE-2009-3301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301
[ 8 ] CVE-2009-3302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302
[ 9 ] CVE-2010-0395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395
[ 10 ] CVE-2010-2935
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935
[ 11 ] CVE-2010-2936
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936
[ 12 ] CVE-2010-3450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450
[ 13 ] CVE-2010-3451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451
[ 14 ] CVE-2010-3452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452
[ 15 ] CVE-2010-3453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453
[ 16 ] CVE-2010-3454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454
[ 17 ] CVE-2010-3689
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689
[ 18 ] CVE-2010-4253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253
[ 19 ] CVE-2010-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643
[ 20 ] CVE-2011-2713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713
[ 21 ] CVE-2012-0037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037
[ 22 ] CVE-2012-1149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149
[ 23 ] CVE-2012-2149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149
[ 24 ] CVE-2012-2334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334
[ 25 ] CVE-2012-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665
[ 26 ] CVE-2014-0247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-19.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00849540
Version: 1
HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-01-17
Last Updated: 2007-01-23
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01
BACKGROUND
AFFECTED VERSIONS
For IPv4:
HP-UX B.11.00
HP-UX B.11.11
===========
hpuxwsAPACHE
action: install revision A.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
For IPv6:
HP-UX B.11.11
===========
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.23
===========
hpuxwsAPACHE
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
END AFFECTED VERSIONS
RESOLUTION
HP has made the following software updates available to resolve the issue.
Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.
Apache Update Procedure
Check for Apache Installation
-----------------------------
To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.
For example, the results of the command swlist -l product | grep -I apache
hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server
Stop Apache
-------------
Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time.
After determining which Apache is installed, stop Apache with the following commands:
for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop
Download and Install Apache
--------------------------
Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value specified on the installation web page.
Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.
Removing Apache Installation
---------------------------
The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables.
%ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf
MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.
For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
HISTORY: rev.1 - 23 January 2007 Initial Release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.7e-3sarge2
For the unstable distribution (sid) this problem has been fixed in
version 0.9.8b-3
We recommend that you upgrade your openssl packages. Note that services
linking against the openssl shared libraries will need to be restarted.
Common examples of such services include most Mail Transport Agents, SSH
servers, and web servers.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc
Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz
Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb
Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb
Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb
Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb
Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb
Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb
Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798
ARM architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb
Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb
Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb
Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb
Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb
Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb
Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb
Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb
Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb
Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb
Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb
Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb
Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb
Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb
Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb
Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb
Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb
Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb
Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb
Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb
Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb
Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb
Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb
Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb
Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb
Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb
Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb
Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb
Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb
Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb
Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de
These files will probably be moved into the stable distribution on
its next update.
1) The included libxml2 library fails to properly verify signatures.
This is related to:
SA21709
2) An error in the included libxmlsec library can be exploited to
potentially forge a valid signature.
For more information:
SA35854
3) An error in the included MSVC Runtime package can be exploited to
bypass certain security features.
5) An error in the processing GIF files can be exploited to
potentially execute arbitrary code.
6) An error in the processing of Word documents can be exploited to
potentially execute arbitrary code.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
4) Sebastian Apelt of siberas
5) Frank Rei\xdfner and Sebastian Apelt of siberas
6) Nicolas Joly of Vupen
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.openoffice.org/security/cves/CVE-2009-2493.html
http://www.openoffice.org/security/cves/CVE-2009-2949.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
OTHER REFERENCES:
SA21709:
http://secunia.com/advisories/21709/
SA35854:
http://secunia.com/advisories/35854/
SA35967:
http://secunia.com/advisories/35967/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ===========================================================
Ubuntu Security Notice USN-339-1 September 05, 2006
openssl vulnerability
CVE-2006-4339
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libssl0.9.7 0.9.7e-3ubuntu0.3
Ubuntu 5.10:
libssl0.9.7 0.9.7g-1ubuntu1.2
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of
Google Security discovered that the OpenSSL library did not
sufficiently check the padding of PKCS #1 v1.5 signatures if the
exponent of the public key is 3 (which is widely used for CAs).
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz
Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc
Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz
Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb
Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb
Size/MD5: 2693394 8554202ca8540221956438754ce83daa
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb
Size/MD5: 769732 1924597de3a34f244d50812ce47e839f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb
Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb
Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb
Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb
Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb
Size/MD5: 901102 f43171afd1211d5026a0241abbce7710
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb
Size/MD5: 499392 6c4844845826d244a5062664d725d7f4
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb
Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb
Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb
Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz
Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc
Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz
Size/MD5: 3132217 991615f73338a571b6a1be7d74906934
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb
Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb
Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb
Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb
Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb
Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb
Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb
Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb
Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb
Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb
Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb
Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb
Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb
Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb
Size/MD5: 2569762 159afe6386461da5a10d58594604f923
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb
Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb
Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz
Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc
Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb
Size/MD5: 571346 32560c34d375896443908ad44ef37724
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb
Size/MD5: 508988 17028f0a0751e40a77199e0727503726
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb
Size/MD5: 557516 0ea8220e55677599c9867d9104bee981
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb
Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 987236 ecacd01dc72995f246531c25e783a879
| VAR-200110-0440 | CVE-2006-4340 | OpenSSL may fail to properly parse invalid ASN.1 structures |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.
Background
==========
The Mozilla Network Security Service is a library implementing security
features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME and X.509 certificates. This impacts any software using the NSS library, like the
Mozilla products Firefox, Thunderbird and Seamonkey.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
----------------------------------------------------------------------
To improve our services to our customers, we have made a number of
additions to the Secunia Advisories and have started translating the
advisories to German.
The improvements will help our customers to get a better
understanding of how we reached our conclusions, how it was rated,
our thoughts on exploitation, attack vectors, and scenarios.
This includes:
* Reason for rating
* Extended description
* Extended solution
* Exploit code or links to exploit code
* Deep links
Read the full description:
http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information:
http://corporate.secunia.com/how_to_buy/15/?r=l
----------------------------------------------------------------------
TITLE:
Apple Airport Probe Response Kernel Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA22679
VERIFY ADVISORY:
http://secunia.com/advisories/22679/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
H.D. Moore has reported a vulnerability in the Apple Airport driver,
which potentially can be exploited by malicious people to compromise
a vulnerable system.
The vulnerability is caused due to an error in the Airport driver
provided with Orinoco-based Airport cards when handling probe
response frames. This can be exploited to overwrite kernel memory and
potentially execute arbitrary code when the driver is running in
active scanning mode.
The vulnerability is reported in the driver on a PowerBook running
version 10.4.8.
SOLUTION:
Do not place the card into active scanning mode.
PROVIDED AND/OR DISCOVERED BY:
H D Moore
ORIGINAL ADVISORY:
http://projects.info-pull.com/mokb/MOKB-01-11-2006.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1191-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 5th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
CVE-2006-4568 CVE-2006-4570 CVE-2006-4571
BugTraq ID : 20042
Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:
CVE-2006-2788
Fernando Ribeiro discovered that a vulnerability in the getRawDER
functionallows remote attackers to cause a denial of service
(hang) and possibly execute arbitrary code.
CVE-2006-4340
Daniel Bleichenbacher recently described an implementation error
in RSA signature verification that cause the application to
incorrectly trust SSL certificates.
CVE-2006-4568
A vulnerability has been discovered that allows remote attackers
to bypass the security model and inject content into the sub-frame
of another site.
CVE-2006-4570
Georgi Guninski demonstrated that even with JavaScript disabled in
mail (the default) an attacker can still execute JavaScript when a
mail message is viewed, replied to, or forwarded.
For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8c.1.
For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.7-1.
We recommend that you upgrade your Mozilla Thunderbird packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.dsc
Size/MD5 checksum: 1003 d7261fba347b9876e873f1d424e60190
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.diff.gz
Size/MD5 checksum: 519315 066ed351050722c36274e3e837fd174f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_alpha.deb
Size/MD5 checksum: 12855288 285e55a20445ea5dffe79de01baf788c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_alpha.deb
Size/MD5 checksum: 3280106 0206d9fe08e3da2d4bf919c6b2b54ec7
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_alpha.deb
Size/MD5 checksum: 152092 c5c984f0f11f94cb263f5bbef367de09
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_alpha.deb
Size/MD5 checksum: 33520 ed7e6d825f630da666e07914527f2c75
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_alpha.deb
Size/MD5 checksum: 89492 1e9ed565915dc4327e444ad999cc5daa
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_amd64.deb
Size/MD5 checksum: 12258904 f40f86252184ce7360b2b9d1e58cef8f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_amd64.deb
Size/MD5 checksum: 3281164 e4e2160d22d4721508f1762804b3b18b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_amd64.deb
Size/MD5 checksum: 151124 a72d17f827929c9189f9ba96ff73c7a1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_amd64.deb
Size/MD5 checksum: 33512 bbe0fe4a7e56a138c220790ab9de97a6
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_amd64.deb
Size/MD5 checksum: 89350 f2b7e1d1d4eb5f1abb2522ddbdb46ff5
ARM architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_arm.deb
Size/MD5 checksum: 10345146 4c171699433072d443eb7b35a2550fd2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_arm.deb
Size/MD5 checksum: 3272118 a52ad3d2cd1806e936374537e135d7db
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_arm.deb
Size/MD5 checksum: 143266 9dedbe9b5f45727a93cfccb5c99bf371
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_arm.deb
Size/MD5 checksum: 33522 14d1c0d0af46731075ea7c35c2900258
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_arm.deb
Size/MD5 checksum: 81318 81219b4c82896fab12427e42df1b2760
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_hppa.deb
Size/MD5 checksum: 13570024 3a62ee11075402dfad030e2ede937191
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_hppa.deb
Size/MD5 checksum: 3285124 e9cadee2d32b2bcb56b1278043e97da4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_hppa.deb
Size/MD5 checksum: 153296 3fecaa707002afb1ba6854da724ad132
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_hppa.deb
Size/MD5 checksum: 33520 83e537b9aff4d44fd958043298a1d7f2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_hppa.deb
Size/MD5 checksum: 97390 c3ceeedcf00d99d34c7b5f424da7da63
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_i386.deb
Size/MD5 checksum: 11568436 af1de65bd715970c4432149aec80b2a2
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_i386.deb
Size/MD5 checksum: 3507870 5dab89db24f1443fe782dc931f4ee0af
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_i386.deb
Size/MD5 checksum: 146732 bc52082cd1ab0f026c401204cd63b4a7
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_i386.deb
Size/MD5 checksum: 33518 5d3c9700cce7b9c0261c246ed7b8afd4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_i386.deb
Size/MD5 checksum: 88084 e244c9c8b7224814774bef13f4213d4e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_ia64.deb
Size/MD5 checksum: 14628630 07bfcc171f449b86b9d62f903e29d506
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_ia64.deb
Size/MD5 checksum: 3291260 d7186841974796f8f90be26700801a95
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_ia64.deb
Size/MD5 checksum: 155452 e17eb664e56fcc0809dd36580f92cc1a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_ia64.deb
Size/MD5 checksum: 33514 fc890529fdea5526a05ffd16b96f5956
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_ia64.deb
Size/MD5 checksum: 107220 eb93528d586b050ecc3b60742b4fa344
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_m68k.deb
Size/MD5 checksum: 10794842 fa716b92e3c7a9d67fad6fd453c78bb4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_m68k.deb
Size/MD5 checksum: 3271690 d95eb910dd6d38de41c17fcb6b1c4696
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_m68k.deb
Size/MD5 checksum: 145054 2b7570676e15cea809905c442f91b5e0
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_m68k.deb
Size/MD5 checksum: 33550 3db6c520d1c489fb4e17501d19dececf
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_m68k.deb
Size/MD5 checksum: 82556 32d25c11844a48ed963e3c5c51ff34fc
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mips.deb
Size/MD5 checksum: 11948708 4f58ce9668da6a12b823edaa3c8b35b3
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mips.deb
Size/MD5 checksum: 3279410 e639b2bf43eda95d3ca3bb0b9aec6df7
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mips.deb
Size/MD5 checksum: 148042 cb6ee4a9bd4dec3166e48e356b9c3465
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mips.deb
Size/MD5 checksum: 33524 2765555b00f4ed717b34e98c5c0d9c02
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mips.deb
Size/MD5 checksum: 84748 0e934e90bb6bd47c7500fd665728ba27
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mipsel.deb
Size/MD5 checksum: 11817078 4239077894c74444d33063229dd847df
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mipsel.deb
Size/MD5 checksum: 3280416 ac165850436e63818da8fffe134628d1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mipsel.deb
Size/MD5 checksum: 147600 ae6d7ff1b34dddab3d0c18d6e38bc77b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mipsel.deb
Size/MD5 checksum: 33518 27bed1b95a4e34a291c7e67c6a9fdd37
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mipsel.deb
Size/MD5 checksum: 84650 173fefc8b58b15398b3cccad2c812495
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_powerpc.deb
Size/MD5 checksum: 10912494 d13ec5b97f5fde0795e5f762330756f6
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_powerpc.deb
Size/MD5 checksum: 3270108 dbd7eb3154db4a379fcfcda6b7d414b9
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_powerpc.deb
Size/MD5 checksum: 145048 b9ab45845f58fb064d7d1ae449481db9
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_powerpc.deb
Size/MD5 checksum: 33526 b5e07e26d215581b4cc0fea6d71beaf3
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_powerpc.deb
Size/MD5 checksum: 81478 b57b8038afbfd5490a6cf847e740ab60
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_s390.deb
Size/MD5 checksum: 12705708 68195861caccd07a18a379ffe2e88403
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_s390.deb
Size/MD5 checksum: 3280614 38dec996622a4e1762a1ef683bba9c43
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_s390.deb
Size/MD5 checksum: 151436 b54ba7420653e63746d019b979f3ae76
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_s390.deb
Size/MD5 checksum: 33516 e24dafe27c103a8d40de9a905b052311
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_s390.deb
Size/MD5 checksum: 89290 9daa1eb634834e02aefde0a594bcd0f9
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_sparc.deb
Size/MD5 checksum: 11181284 adedd4c6302ddb868a531810d226143a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_sparc.deb
Size/MD5 checksum: 3275816 c38922ec47674939277e6984f87c0eb4
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_sparc.deb
Size/MD5 checksum: 144702 9183a627463aa564a0313d4d361d22f3
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_sparc.deb
Size/MD5 checksum: 33528 5f87736faa9ee0a9b10e29c48280798a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_sparc.deb
Size/MD5 checksum: 83122 72966880dc02a1b472dcac7b1404fa58
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFJNsFW5ql+IAeqTIRAgeZAJ0dYXyy9QKfcADcFekhEP7n0hfqeACgpro4
H5iKBfGUezJNoEbseNfM8+Q=
=Dv+0
-----END PGP SIGNATURE-----
. For details please consult the references below.
Impact
======
The most severe vulnerabilities might lead to the execution of
arbitrary code with the rights of the user running the application.
Other vulnerabilities include program crashes and the acceptance of
forged certificates.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/mozilla-thunderbird-1.5.0.7"
All Mozilla Thunderbird binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/mozilla-thunderbird-bin-1.5.0.7"
References
==========
[ 1 ] CVE-2006-4253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253
[ 2 ] CVE-2006-4340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340
[ 3 ] CVE-2006-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565
[ 4 ] CVE-2006-4566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566
[ 5 ] CVE-2006-4567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4567
[ 6 ] CVE-2006-4570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570
[ 7 ] CVE-2006-4571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-200609-0101 | CVE-2006-4587 | vtiger CRM Vulnerable to cross-site scripting |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. vtiger CRM Contains a cross-site scripting vulnerability.By any third party, via the following parameters Web Script or HTML May be inserted. (1) Unspecified module description Parameters (2) HelpDesk Module solution Parameters. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules.
Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
vtiger CRM Script Insertion and Administrative Modules Access
SECUNIA ADVISORY ID:
SA21728
VERIFY ADVISORY:
http://secunia.com/advisories/21728/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Ivan Markovic has discovered some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct script
insertion attacks and bypass certain security restrictions.
1) Input passed to the "description" field in various modules when
e.g. creating a contact and the "solution" field when an
administrator modifies the solution in the HelpDesk modules isn't
properly sanitised before being used. This can be exploited to inject
arbitrary HTML and script code, which will be executed in a user's
browser session in context of an affected site when the malicious
user data is viewed.
2) An error in the access control verification can be exploited by a
normal user to access administrative modules (e.g. the settings
section) by accessing certain URLs directly.
The vulnerabilities have been confirmed in version 4.2.4.
Use another product.
PROVIDED AND/OR DISCOVERED BY:
Ivan Markovic
ORIGINAL ADVISORY:
http://www.security-net.biz/adv/D3906a.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200609-0102 | CVE-2006-4588 | vtiger CRM Vulnerabilities that bypass authentication |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules.
Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
vtiger CRM Script Insertion and Administrative Modules Access
SECUNIA ADVISORY ID:
SA21728
VERIFY ADVISORY:
http://secunia.com/advisories/21728/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Ivan Markovic has discovered some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct script
insertion attacks and bypass certain security restrictions.
1) Input passed to the "description" field in various modules when
e.g. creating a contact and the "solution" field when an
administrator modifies the solution in the HelpDesk modules isn't
properly sanitised before being used. This can be exploited to inject
arbitrary HTML and script code, which will be executed in a user's
browser session in context of an affected site when the malicious
user data is viewed.
2) An error in the access control verification can be exploited by a
normal user to access administrative modules (e.g. the settings
section) by accessing certain URLs directly.
The vulnerabilities have been confirmed in version 4.2.4.
Use another product.
PROVIDED AND/OR DISCOVERED BY:
Ivan Markovic
ORIGINAL ADVISORY:
http://www.security-net.biz/adv/D3906a.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200609-0071 | CVE-2006-4613 | SnapGear Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. This vulnerability CVE-2006-4018 May be related.Service disruption by a third party (DoS) There is a possibility of being put into a state. SnapGear is prone to multiple unspecified remote denial-of-service vulnerabilities.
An attacker can exploit these vulnerabilities to crash an affected device, effectively denying service to legitimate users.
These issues affect SnapGear firmware versions prior to 3.1.4u2.
This BID is being retired.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
SnapGear Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA21707
VERIFY ADVISORY:
http://secunia.com/advisories/21707/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
SnapGear 3.x
http://secunia.com/product/11807/
DESCRIPTION:
Two vulnerabilities have been reported in SnapGear, which can be
exploited by malicious people to cause a DoS (Denial of Service).
This affects the 560, 565, 580, and 710 models.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200608-0112 | CVE-2006-4461 | Paessler IPCheck Server Monitor Vulnerability in |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors
| VAR-200608-0158 | CVE-2006-4507 | PSP of Photo Viewer of libTIFF Vulnerable to arbitrary code execution |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Sony PSP TIFF Image Viewing Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA21672
VERIFY ADVISORY:
http://secunia.com/advisories/21672/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Sony PlayStation Portable (PSP) 2.x
http://secunia.com/product/5764/
DESCRIPTION:
A vulnerability has been discovered in Sony PlayStation Portable,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability has been confirmed in version 2.60 and has also
been reported in versions 2.00 through 2.80.
SOLUTION:
Do not view untrusted images.
PROVIDED AND/OR DISCOVERED BY:
Discovered by NOPx86.
Additional research by psp250, Skylark, Joek2100, CSwindle, JimP, and
Fanjita.
ORIGINAL ADVISORY:
http://noobz.eu/content/home.html#280806
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200608-0332 | CVE-2006-4305 | SAP DB Buffer overflow vulnerability in products such as |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2006-09
Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow
Author: Oliver Karow / Oliver_Karow@symantec.com
Release Date: 29-08-2006
Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM
Platform: Windows/Unix
Severity: Remotely exploitable/Local System Access
Vendor status: Verified by vendor / Resolved in 7.6.00.31
CVE Number: CVE-2006-4305
Reference: http://www.securityfocus.com/bid/19660
Overview:
A connection from a WebDBM Client to the DBM Server causes a
buffer overflow when the given database name is too large. This
can result in the execution of arbitrary code in the context of
the database server.
Details:
SAP-DB/MaxDB is a heavy-duty, SAP-certified open source
database for OLTP and OLAP usage which offers high reliability,
availability, scalability and a very comprehensive feature set.
It is targeted for large mySAP Business Suite environments
and other applications that require maximum enterprise-level
database functionality and complements the MySQL database server.
A remotely exploitable vulnerability exists in MaxDB's WebDBM. Authentication is not required
for successful exploitation to occur.
Vendor Response:
The above vulnerability has been fixed in the latest release of
the product, MaxDB 7.6.00.31.
Licensed and evaluation versions of MaxDB are available for
download in the download section of www.mysql.com/maxdb:
http://dev.mysql.com/downloads/maxdb/7.6.00.html.
If there are any further questions about this statement, please
contact mysql-MaxDB support.
Please note that SAP customers receive their downloads via the
SAP Service Marketplace www.service.sap.com and must not use
downloads from the addresses above for their SAP solutions.
Recommendation:
The vendor has released MaxDB 7.6.00.31 to address
this issue. Users should contact the vendor to obtain the
appropriate upgrade.
As a temporary workaround the SAP-DB WWW Service should either
be disabled or have access to it restricted using appropriate
network or client based access controls.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-4305
- -------Symantec Consulting Services Advisory Information-------
For questions about this advisory, or to report an error:
cs_advisories@symantec.com
For details on Symantec's Vulnerability Reporting Policy:
http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf
Consulting Services Advisory Archive:
http://www.symantec.com/research/
Consulting Services Advisory GPG Key:
http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product:
secure@symantec.com
For general information on Symantec's Product Vulnerability
reporting and response:
http://www.symantec.com/security/
Symantec Product Advisory Archive:
http://www.symantec.com/avcenter/security/SymantecAdvisories.html
Symantec Product Advisory PGP Key:
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc
- ---------------------------------------------------------------
Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert electronically is granted
as long as it is not edited in any way unless authorized by
Symantec Consulting Services. Reprinting the whole or part of
this alert in any medium other than electronically requires
permission from cs_advisories@symantec.com.
Disclaimer
The information in the advisory is believed to be accurate at the
time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this information.
Neither the author nor the publisher accepts any liability for any
direct, indirect, or consequential loss or damage arising from use
of, or reliance on, this information.
Symantec, Symantec products, and Symantec Consulting Services are
registered trademarks of Symantec Corp. and/or affiliated companies
in the United States and other countries. All other registered and
unregistered trademarks represented in this document are the sole
property of their respective companies/owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5
gKP3gDsY1sr7ioo8+maNHFA=
=vuXL
-----END PGP SIGNATURE-----
.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
MaxDB WebDBM Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA21677
VERIFY ADVISORY:
http://secunia.com/advisories/21677/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From local network
SOFTWARE:
MaxDB 7.x
http://secunia.com/product/4012/
DESCRIPTION:
Oliver Karow has reported a vulnerability in MaxDB, which can be
exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in WebDBM when
processing database names.
The vulnerability has been reported in version 7.6.00.22. Other
versions may also be affected.
SOLUTION:
Update to version 7.6.00.31 or later.
http://dev.mysql.com/downloads/maxdb/7.6.00.html
PROVIDED AND/OR DISCOVERED BY:
Oliver Karow, Symantec.
ORIGINAL ADVISORY:
Symantec:
http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes a
vulnerability, which can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA21677
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc
Size/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz
Size/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz
Size/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb
Size/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb
Size/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb
Size/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb
Size/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb
Size/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb
Size/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb
Size/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb
Size/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb
Size/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb
Size/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb
Size/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb
Size/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb
Size/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb
Size/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb
Size/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb
Size/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb
Size/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb
Size/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb
Size/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb
Size/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb
Size/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436
-- Debian GNU/Linux unstable alias sid --
Reportedly, the problem will be fixed soon
| VAR-200608-0174 | CVE-2006-4430 | Cisco NAC Vulnerabilities that bypass local and remote protection mechanisms |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms. The Cisco NAC Agent is prone to a security-bypass vulnerability because of a design error in the application.
An attacker can exploit this issue to bypass security restrictions. This results in a false sense of security and may aid attackers in further attacks. An attacker can connect to the network by changing the default parameters of the Windows TCP/IP stack and using a custom HTTPS client (instead of a browser) to bypass host authentication
| VAR-200608-0288 | CVE-2006-4352 | Cisco 11000 series Content Service Switches of ArrowPoint Vulnerability to obtain important information in cookie function |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. IP There is a vulnerability in which important information can be obtained because the address is specified.Important information may be obtained by a third party
| VAR-200608-0046 | CVE-2006-2113 | Fuji Xerox Printing Systems Embedded HTTP Server Multiple Vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. These issues occur because the application fails to properly validate HTTP requests.
An attacker can exploit these issues to bypass authentication and gain administrative access to the affected embedded application or to cause denial-of-service conditions. This may lead to other attacks.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Dell Color Laser Printers Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21630
VERIFY ADVISORY:
http://secunia.com/advisories/21630/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
>From local network
OPERATING SYSTEM:
Dell Color Laser Printer 5110cn
http://secunia.com/product/11721/
Dell Color Laser Printer 5100cn
http://secunia.com/product/11733/
Dell Color Laser Printer 3110cn
http://secunia.com/product/11734/
Dell Color Laser Printer 3100cn
http://secunia.com/product/11736/
Dell Color Laser Printer 3010cn
http://secunia.com/product/11735/
Dell Color Laser Printer 3000cn
http://secunia.com/product/11737/
DESCRIPTION:
Some vulnerabilities have been reported in various Dell Color Laser
Printers, which can be exploited by malicious people to bypass
certain security restrictions or to cause a DoS (Denial of Service).
1) The embedded FTP server does not restrict the use of the FTP PORT
command. This can be exploited to connect to arbitrary systems
through the FTP server. This can be exploited to make unauthorized
changes to the system configuration or to cause a DoS.
The vulnerability has been reported in Dell 5110cn, Dell 3110cn, and
Dell 3010cn with firmware versions prior to A01 and in Dell 5100cn,
Dell 3100cn, and Dell 3000cn with firmware versions prior to A05.
NOTE: Other products using the Fuji Xerox Printing Engine may also be
affected.
SOLUTION:
Apply patches.
Dell 5110cn (firmware versions prior to A01):
http://ftp.us.dell.com/printer/R130538.EXE
Dell 3110cn (firmware versions prior to A01):
http://ftp.us.dell.com/printer/R130356.EXE
Dell 3010cn (firmware versions prior to A01):
http://ftp.us.dell.com/printer/R132075.EXE
Dell 5100cn (firmware versions prior to A05):
http://ftp.us.dell.com/printer/R132718.EXE
Dell 3100cn (firmware versions prior to A05):
http://ftp.us.dell.com/printer/R132079.EXE
Dell 3000cn (firmware versions prior to A05):
http://ftp.us.dell.com/printer/R132368.EXE
PROVIDED AND/OR DISCOVERED BY:
Nate Johnson and Sean Krulewitch, Indiana University.
ORIGINAL ADVISORY:
https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
PROVIDED AND/OR DISCOVERED BY:
Nate Johnson and Sean Krulewitch, Indiana University. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Indiana University Security Advisory:
Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities
Advisory ID:
20060824_FXPS_Print_Engine_Vulnerabilities[2]
Revisions:
08-24-2006 2350 UTC 1.0 Initial Public Release
Issues:
FTP bounce attack is possible when FTP printing is enabled
(CVE-2006-2112)[3]
Embedded HTTP server allows unauthenticated access to system
configuration and settings (CVE-2006-2113)[4]
Credit/acknowledgement:
CVE-2006-2112
Date of discovery: 04-11-2006
Nate Johnson, Lead Security Engineer, Indiana University
Sean Krulewitch, Deputy IT Security Officer, Indiana University
CVE-2006-2113
Date of discovery: 04-11-2006
Sean Krulewitch, Deputy IT Security Officer, Indiana University
Summary:
Certain FXPS print engines contain vulnerabilities that allow a remote
attacker to perform FTP bounce attacks through the FTP printing
interface or allow unauthenticated access to the embedded HTTP remote
user interface. This allows an attacker
to cause the FTP server to make arbitrary connections to ports on
another system, which can be used to bypass access controls and hide the
the true identity of the source of the attacker's traffic.
A successful attacker would be able to reset the administrator password
but would not be capable of exposing the current password.
Mitigation/workarounds:
Disabling FTP printing prevents the FTP bounce attack. Disabling the
embedded web server prevents the DoS/unauthorized configuration change
attack. Best practice suggests that access controls and network
firewall policies be put into place to only allow connections from
trusted machines and networks.
Criticality:
These vulnerabilities have a combined risk of moderately critical.
Footnotes:
[1] http://www.fxpsc.co.jp/en/
[2] https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113
[5] http://ftp.us.dell.com/printer/R130538.EXE
[6] http://ftp.us.dell.com/printer/R130356.EXE
[7] http://ftp.us.dell.com/printer/R132075.EXE
[8] http://ftp.us.dell.com/printer/R132718.EXE
[9] http://ftp.us.dell.com/printer/R132079.EXE
[10] http://ftp.us.dell.com/printer/R132368.EXE
All contents are Copyright 2006 The Trustees of Indiana University. All
rights reserved.
- --
Sean Krulewitch, Deputy IT Security Officer
IT Security Office, Office of the VP for Information Technology
Indiana University
For PGP Key or S/MIME cert: https://www.itso.iu.edu/Sean_Krulewitch
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
iQA/AwUBRO46FTOEdAVfeKEbEQKc+ACeNvyfI5+GXspTdx32rSxH+WHfXW8AoKPe
AJYb0WM59jddPs4cSXaZOyQq
=Y7Kv
-----END PGP SIGNATURE-----