VARIoT IoT vulnerabilities database
| VAR-201204-0332 | No CVE | Fujitsu Interstage List Works Archive Folder Security Bypass Vulnerability |
CVSS V2: 3.6 CVSS V3: - Severity: Low |
Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on the lists. A user who is denied permission to access specific data may still access and delete the list. Interstage List Works is an electronic form management software. Interstage List Works has a security vulnerability that allows malicious users to bypass security restrictions.
Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions such as disclosing or deleting data in the archive folder; this may aid in launching further attacks.
TITLE:
Fujitsu Interstage List Works Archived Forms Security Bypass Weakness
SECUNIA ADVISORY ID:
SA48745
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48745/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48745
RELEASE DATE:
2012-04-11
DESCRIPTION:
A weakness has been reported in Interstage List Works, which can be
exploited by malicious users to bypass certain security
restrictions. This
can be exploited to disclose or delete archived forms.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Apply the vendor workaround (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Fujitsu:
http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_lw_201201.html
JVN:
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001932.html
| VAR-201204-0148 | CVE-2012-0146 | Microsoft Forefront Unified Access Gateway Open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." Microsoft Forefront Unified Access Gateway is prone to a URI open-redirection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may allow the attacker to masquerade as a legitimate server, aiding in further attacks. The UAG solution mainly provides application intelligence technology and fine-grained access control functions. The issue is also known as "UAG Blind HTTP Redirection Vulnerability".
TITLE:
Microsoft Forefront Unified Access Gateway Two Vulnerabilities
SECUNIA ADVISORY ID:
SA48787
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48787/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48787
RELEASE DATE:
2012-04-10
DESCRIPTION:
A weakness and a vulnerability have been reported in Microsoft
Forefront Unified Access Gateway, which can be exploited by malicious
people to conduct spoofing attacks and disclose certain sensitive
information.
1) A weakness in UAG allows redirecting users to an untrusted site
e.g. spoofing a legitimate UAG Web interface.
2) An error within the default website configuration allows access to
certain content from the external network.
SOLUTION:
Apply patches.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
MS12-026 (KB2663860, KB2649261, KB2649262):
http://technet.microsoft.com/en-us/security/bulletin/ms12-026
National Cyber Awareness System
Technical Cyber Security Alert TA12-101A
Microsoft Updates for Multiple Vulnerabilities
Original release date: April 10, 2012
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft .NET Framework
* Microsoft Office
* Microsoft Server Software
* Microsoft SQL Server
* Microsoft Developer Tools
* Microsoft Forefront Unified Access Gateway
Overview
There are multiple vulnerabilities in Microsoft Windows, Internet
Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft
Server Software, Microsoft SQL Server, Microsoft Developer Tools,
and Microsoft Forefront Unified Access Gateway. Microsoft has
released updates to address these vulnerabilities.
Description
The Microsoft Security Bulletin Summary for April 2012 describes
multiple vulnerabilities in Microsoft software. Microsoft has
released updates to address the vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for April 2012, which describes
any known issues related to the updates. Administrators are
encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS). Home users are encouraged to enable
automatic updates.
References
* Microsoft Security Bulletin Summary for April 2012 -
<http://technet.microsoft.com/en-us/security/bulletin/ms12-apr>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
* Microsoft Update - <https://www.update.microsoft.com/>
* Microsoft Update Overview -
<http://www.microsoft.com/security/updates/mu.aspx>
* Turn Automatic Updating On or Off -
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Revision History
April 10, 2012: Initial release
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-101A Feedback VU#507275" in
the subject.
____________________________________________________________________
Produced by US-CERT, a government organization.
____________________________________________________________________
This product is provided subject to the Notification as indicated here:
http://www.us-cert.gov/legal.html#notify
This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
| VAR-201204-0149 | CVE-2012-0147 | Microsoft Forefront Unified Access Gateway Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability.
Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. The UAG solution mainly provides application intelligence technology and fine-grained access control functions.
| VAR-201204-0171 | CVE-2012-0133 | HP ProCurve 5400 zl Switch Malware infected flash card vulnerability |
CVSS V2: 3.7 CVSS V3: - Severity: LOW |
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. The HP ProCurve 5400 zl Switch is a network switch developed by Hewlett-Packard. Some flash cards distributed with the switch contain malware, which can infect the user's system if the user connects to the flash card.
Attackers can exploit this issue to infect a user's system.
TITLE:
HP ProCurve 5400 zl Switch Malware Infected Compact Flash Card
SECUNIA ADVISORY ID:
SA48738
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48738
RELEASE DATE:
2012-04-11
DESCRIPTION:
A security issue has been reported in the HP ProCurve 5400 zl Switch,
which can be exploited by malicious people to compromise a user's
system.
Please see the vendor's advisory for a list of affected models and
serial numbers.
SOLUTION:
Apply the vendor workaround (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03249176
Version: 2
HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-26
Last Updated: 2012-04-26
Potential Security Impact: Local compromise of system integrity
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity.
References: CVE-2012-0133
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This script will delete the file(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted. This option is best for customers wanting to maximize the uptime of their network.
Hardware Replacement Option : For those customers who have 5400 zl switch inventory that is not on their network and must be purged, this option allows for the Management Module to be replaced. Also, any customer that feels uncomfortable performing the Software Purge Option can choose the Hardware Replacement Option as well. An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime.
Software Update Option (recommended) : The following Early Availability software update K.15.08.00007 is available which will automatically delete the malware trojan contents on the compact flash card if present. The software update also contains many other features and functionality enhancements for the switch. Note that updating the switch software should always be done with care and with an analysis of any potential impacts. Please refer to the release notes provided with the software update location below.
For Options 1 or 2, please contact HP support:
For customers with an HP Passport account, a web case can be submitted here: https://h10145.www1.hp.com/help/help_questions.aspx?l2id=48&SelectedTab=3
To talk to HP support directly, worldwide telephone numbers are available here: https://h10145.www1.hp.com/help/Help_ContactInfo.aspx?cwp=2&SelectedTab=2
For Option 3, the Early Availability software update K.15.08.00007 is available here:
https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J9533A
The release notes for K.15.08.00007 are available here:
http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c03277372/c03277372.pdf
HISTORY
Version:1 (rev.1) - 10 April 2012 Initial Release
Version:2 (rev.2) - 26 April 2012 Updated case details and solution choices
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
| VAR-201204-0112 | CVE-2012-1182 | Samba ndr_ValidatePassword heap overflow Remote Code Execution Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201204-0283
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles GetAliasMembership requests. When parsing the data sent in the request, Samba uses the field 'sids' to create a heap allocation but then uses another field, 'num_sids', to write data to the allocation. Because there is no check to see if 'num_sids' is smaller than 'sids', this could result in a heap buffer overflow that could lead to remote code execution. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. Samba is prone to a remote-code-execution vulnerability. Failed exploit attempts will cause a denial-of-service condition.
Samba versions 3.0 through 3.6.3 are vulnerable.
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03365218
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03365218
Version: 1
HPSBUX02789 SSRT100824 rev.1 - HP-UX CIFS Server (Samba), Remote Execution of
Arbitrary Code, Elevation of Privileges
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-06-13
Last Updated: 2012-06-13
Potential Security Impact: Remote execution of arbitrary code, elevation of
privileges
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX
CIFS-Server (Samba).
References: CVE-2012-1182, CVE-2012-2111
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX CIFS-Server (Samba) A.03.01.04 or
earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                    Base Score
CVE-2012-1182    (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2012-2111    (AV:N/AC:L/Au:S/C:P/I:P/A:P)   6.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software update to resolve the vulnerabilities.
The update is available for download from http://software.hp.com
HP-UX CIFS-Server (Samba)
HP-UX Release / Apache Depot name
A.03.01.05
11i v2 / B8725AA_A.03.01.05_HP-UX_B.11.23_IA_PA.depot
11i v3 / CIFS-SERVER_A.03.01.05_HP-UX_B.11.31_IA_PA.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX CIFS-Server (Samba) A.03.01.05 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
==================
CIFS-Development.CIFS-PRG
CIFS-Server.CIFS-ADMIN
CIFS-Server.CIFS-DOC
CIFS-Server.CIFS-LIB
CIFS-Server.CIFS-RUN
CIFS-Server.CIFS-UTIL
action: install revision A.03.01.05 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 13 June 2012 Initial release
TITLE:
Samba RPC Network Data Representation Marshalling Vulnerability
SECUNIA ADVISORY ID:
SA48742
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48742/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48742
RELEASE DATE:
2012-04-11
DESCRIPTION:
A vulnerability has been reported in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the Network Data
Representation (NDR) marshalling functionality when marshalling RPC
calls and can be exploited via a specially crafted remote procedure
call.
The vulnerability is reported in versions prior to 3.0.37, 3.2.15,
3.3.16, 3.4.15, 3.5.13, and 3.6.3.
SOLUTION:
Update to version 3.0.37, 3.2.15, 3.3.16, 3.4.15, 3.5.13, or 3.6.3.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Brian Gorenc and an anonymous person via ZDI.
ORIGINAL ADVISORY:
http://www.samba.org/samba/security/CVE-2012-1182
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: samba security update
Advisory ID: RHSA-2012:0465-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0465.html
Issue date: 2012-04-10
CVE Names: CVE-2012-1182
=====================================================================
1. Summary:
Updated samba packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life;
and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6.0.z) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used
to generate code to handle RPC calls, resulted in multiple buffer overflows
in Samba.
(CVE-2012-1182)
Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm
i386:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
samba-3.0.33-3.39.el5_8.i386.rpm
samba-client-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-swat-3.0.33-3.39.el5_8.i386.rpm
x86_64:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-3.0.33-3.39.el5_8.x86_64.rpm
samba-3.0.33-3.39.el5_8.x86_64.rpm
samba-client-3.0.33-3.39.el5_8.x86_64.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
samba-swat-3.0.33-3.39.el5_8.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm
i386:
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
x86_64:
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
Red Hat Enterprise Linux Long Life (v. 5.3 server):
Source:
samba-3.0.33-3.7.el5_3.5.src.rpm
i386:
samba-3.0.33-3.7.el5_3.5.i386.rpm
samba-client-3.0.33-3.7.el5_3.5.i386.rpm
samba-common-3.0.33-3.7.el5_3.5.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.i386.rpm
samba-swat-3.0.33-3.7.el5_3.5.i386.rpm
ia64:
samba-3.0.33-3.7.el5_3.5.ia64.rpm
samba-client-3.0.33-3.7.el5_3.5.ia64.rpm
samba-common-3.0.33-3.7.el5_3.5.ia64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.ia64.rpm
samba-swat-3.0.33-3.7.el5_3.5.ia64.rpm
x86_64:
samba-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-client-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-common-3.0.33-3.7.el5_3.5.i386.rpm
samba-common-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-swat-3.0.33-3.7.el5_3.5.x86_64.rpm
Red Hat Enterprise Linux EUS (v. 5.6 server):
Source:
samba-3.0.33-3.29.el5_6.5.src.rpm
i386:
libsmbclient-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.i386.rpm
samba-3.0.33-3.29.el5_6.5.i386.rpm
samba-client-3.0.33-3.29.el5_6.5.i386.rpm
samba-common-3.0.33-3.29.el5_6.5.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.i386.rpm
samba-swat-3.0.33-3.29.el5_6.5.i386.rpm
ia64:
libsmbclient-3.0.33-3.29.el5_6.5.ia64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ia64.rpm
samba-3.0.33-3.29.el5_6.5.ia64.rpm
samba-client-3.0.33-3.29.el5_6.5.ia64.rpm
samba-common-3.0.33-3.29.el5_6.5.ia64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ia64.rpm
samba-swat-3.0.33-3.29.el5_6.5.ia64.rpm
ppc:
libsmbclient-3.0.33-3.29.el5_6.5.ppc.rpm
libsmbclient-3.0.33-3.29.el5_6.5.ppc64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ppc.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-3.0.33-3.29.el5_6.5.ppc.rpm
samba-client-3.0.33-3.29.el5_6.5.ppc.rpm
samba-common-3.0.33-3.29.el5_6.5.ppc.rpm
samba-common-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ppc.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-swat-3.0.33-3.29.el5_6.5.ppc.rpm
s390x:
libsmbclient-3.0.33-3.29.el5_6.5.s390.rpm
libsmbclient-3.0.33-3.29.el5_6.5.s390x.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.s390.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.s390x.rpm
samba-3.0.33-3.29.el5_6.5.s390x.rpm
samba-client-3.0.33-3.29.el5_6.5.s390x.rpm
samba-common-3.0.33-3.29.el5_6.5.s390.rpm
samba-common-3.0.33-3.29.el5_6.5.s390x.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.s390.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.s390x.rpm
samba-swat-3.0.33-3.29.el5_6.5.s390x.rpm
x86_64:
libsmbclient-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-3.0.33-3.29.el5_6.5.x86_64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-client-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-common-3.0.33-3.29.el5_6.5.i386.rpm
samba-common-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-swat-3.0.33-3.29.el5_6.5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm
i386:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
samba-3.0.33-3.39.el5_8.i386.rpm
samba-client-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-swat-3.0.33-3.39.el5_8.i386.rpm
ia64:
libsmbclient-3.0.33-3.39.el5_8.ia64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ia64.rpm
samba-3.0.33-3.39.el5_8.ia64.rpm
samba-client-3.0.33-3.39.el5_8.ia64.rpm
samba-common-3.0.33-3.39.el5_8.ia64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ia64.rpm
samba-swat-3.0.33-3.39.el5_8.ia64.rpm
ppc:
libsmbclient-3.0.33-3.39.el5_8.ppc.rpm
libsmbclient-3.0.33-3.39.el5_8.ppc64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ppc.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ppc64.rpm
samba-3.0.33-3.39.el5_8.ppc.rpm
samba-client-3.0.33-3.39.el5_8.ppc.rpm
samba-common-3.0.33-3.39.el5_8.ppc.rpm
samba-common-3.0.33-3.39.el5_8.ppc64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ppc.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ppc64.rpm
samba-swat-3.0.33-3.39.el5_8.ppc.rpm
s390x:
libsmbclient-3.0.33-3.39.el5_8.s390.rpm
libsmbclient-3.0.33-3.39.el5_8.s390x.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.s390.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.s390x.rpm
samba-3.0.33-3.39.el5_8.s390x.rpm
samba-client-3.0.33-3.39.el5_8.s390x.rpm
samba-common-3.0.33-3.39.el5_8.s390.rpm
samba-common-3.0.33-3.39.el5_8.s390x.rpm
samba-debuginfo-3.0.33-3.39.el5_8.s390.rpm
samba-debuginfo-3.0.33-3.39.el5_8.s390x.rpm
samba-swat-3.0.33-3.39.el5_8.s390x.rpm
x86_64:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-3.0.33-3.39.el5_8.x86_64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.x86_64.rpm
samba-3.0.33-3.39.el5_8.x86_64.rpm
samba-client-3.0.33-3.39.el5_8.x86_64.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
samba-swat-3.0.33-3.39.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
x86_64:
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.0):
Source:
samba-3.5.4-68.el6_0.3.src.rpm
i386:
libsmbclient-3.5.4-68.el6_0.3.i686.rpm
samba-3.5.4-68.el6_0.3.i686.rpm
samba-client-3.5.4-68.el6_0.3.i686.rpm
samba-common-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.i686.rpm
ppc64:
libsmbclient-3.5.4-68.el6_0.3.ppc.rpm
libsmbclient-3.5.4-68.el6_0.3.ppc64.rpm
samba-3.5.4-68.el6_0.3.ppc64.rpm
samba-client-3.5.4-68.el6_0.3.ppc64.rpm
samba-common-3.5.4-68.el6_0.3.ppc.rpm
samba-common-3.5.4-68.el6_0.3.ppc64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.ppc.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.ppc64.rpm
s390x:
libsmbclient-3.5.4-68.el6_0.3.s390.rpm
libsmbclient-3.5.4-68.el6_0.3.s390x.rpm
samba-3.5.4-68.el6_0.3.s390x.rpm
samba-client-3.5.4-68.el6_0.3.s390x.rpm
samba-common-3.5.4-68.el6_0.3.s390.rpm
samba-common-3.5.4-68.el6_0.3.s390x.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.s390.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.s390x.rpm
x86_64:
libsmbclient-3.5.4-68.el6_0.3.i686.rpm
libsmbclient-3.5.4-68.el6_0.3.x86_64.rpm
samba-3.5.4-68.el6_0.3.x86_64.rpm
samba-client-3.5.4-68.el6_0.3.x86_64.rpm
samba-common-3.5.4-68.el6_0.3.i686.rpm
samba-common-3.5.4-68.el6_0.3.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.x86_64.rpm
samba-winbind-3.5.4-68.el6_0.3.x86_64.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.1):
Source:
samba-3.5.6-86.el6_1.5.src.rpm
i386:
libsmbclient-3.5.6-86.el6_1.5.i686.rpm
samba-3.5.6-86.el6_1.5.i686.rpm
samba-client-3.5.6-86.el6_1.5.i686.rpm
samba-common-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.i686.rpm
ppc64:
libsmbclient-3.5.6-86.el6_1.5.ppc.rpm
libsmbclient-3.5.6-86.el6_1.5.ppc64.rpm
samba-3.5.6-86.el6_1.5.ppc64.rpm
samba-client-3.5.6-86.el6_1.5.ppc64.rpm
samba-common-3.5.6-86.el6_1.5.ppc.rpm
samba-common-3.5.6-86.el6_1.5.ppc64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.ppc.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.ppc64.rpm
s390x:
libsmbclient-3.5.6-86.el6_1.5.s390.rpm
libsmbclient-3.5.6-86.el6_1.5.s390x.rpm
samba-3.5.6-86.el6_1.5.s390x.rpm
samba-client-3.5.6-86.el6_1.5.s390x.rpm
samba-common-3.5.6-86.el6_1.5.s390.rpm
samba-common-3.5.6-86.el6_1.5.s390x.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.s390.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.s390x.rpm
x86_64:
libsmbclient-3.5.6-86.el6_1.5.i686.rpm
libsmbclient-3.5.6-86.el6_1.5.x86_64.rpm
samba-3.5.6-86.el6_1.5.x86_64.rpm
samba-client-3.5.6-86.el6_1.5.x86_64.rpm
samba-common-3.5.6-86.el6_1.5.i686.rpm
samba-common-3.5.6-86.el6_1.5.x86_64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
ppc64:
libsmbclient-3.5.10-115.el6_2.ppc.rpm
libsmbclient-3.5.10-115.el6_2.ppc64.rpm
samba-3.5.10-115.el6_2.ppc64.rpm
samba-client-3.5.10-115.el6_2.ppc64.rpm
samba-common-3.5.10-115.el6_2.ppc.rpm
samba-common-3.5.10-115.el6_2.ppc64.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-clients-3.5.10-115.el6_2.ppc.rpm
samba-winbind-clients-3.5.10-115.el6_2.ppc64.rpm
s390x:
libsmbclient-3.5.10-115.el6_2.s390.rpm
libsmbclient-3.5.10-115.el6_2.s390x.rpm
samba-3.5.10-115.el6_2.s390x.rpm
samba-client-3.5.10-115.el6_2.s390x.rpm
samba-common-3.5.10-115.el6_2.s390.rpm
samba-common-3.5.10-115.el6_2.s390x.rpm
samba-debuginfo-3.5.10-115.el6_2.s390.rpm
samba-debuginfo-3.5.10-115.el6_2.s390x.rpm
samba-winbind-3.5.10-115.el6_2.s390x.rpm
samba-winbind-clients-3.5.10-115.el6_2.s390.rpm
samba-winbind-clients-3.5.10-115.el6_2.s390x.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6.0.z):
Source:
samba-3.5.4-68.el6_0.3.src.rpm
i386:
libsmbclient-devel-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-doc-3.5.4-68.el6_0.3.i686.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.i686.rpm
samba-swat-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.i686.rpm
ppc64:
libsmbclient-devel-3.5.4-68.el6_0.3.ppc.rpm
libsmbclient-devel-3.5.4-68.el6_0.3.ppc64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc64.rpm
samba-doc-3.5.4-68.el6_0.3.ppc64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.ppc64.rpm
samba-swat-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.ppc.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.ppc64.rpm
s390x:
libsmbclient-devel-3.5.4-68.el6_0.3.s390.rpm
libsmbclient-devel-3.5.4-68.el6_0.3.s390x.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390x.rpm
samba-doc-3.5.4-68.el6_0.3.s390x.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.s390x.rpm
samba-swat-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.s390.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.s390x.rpm
x86_64:
libsmbclient-devel-3.5.4-68.el6_0.3.i686.rpm
libsmbclient-devel-3.5.4-68.el6_0.3.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.x86_64.rpm
samba-doc-3.5.4-68.el6_0.3.x86_64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.x86_64.rpm
samba-swat-3.5.4-68.el6_0.3.x86_64.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
samba-3.5.6-86.el6_1.5.src.rpm
i386:
libsmbclient-devel-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-doc-3.5.6-86.el6_1.5.i686.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.i686.rpm
samba-swat-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.i686.rpm
ppc64:
libsmbclient-devel-3.5.6-86.el6_1.5.ppc.rpm
libsmbclient-devel-3.5.6-86.el6_1.5.ppc64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc64.rpm
samba-doc-3.5.6-86.el6_1.5.ppc64.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.ppc64.rpm
samba-swat-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.ppc.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.ppc64.rpm
s390x:
libsmbclient-devel-3.5.6-86.el6_1.5.s390.rpm
libsmbclient-devel-3.5.6-86.el6_1.5.s390x.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390x.rpm
samba-doc-3.5.6-86.el6_1.5.s390x.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.s390x.rpm
samba-swat-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.s390.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.s390x.rpm
x86_64:
libsmbclient-devel-3.5.6-86.el6_1.5.i686.rpm
libsmbclient-devel-3.5.6-86.el6_1.5.x86_64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.x86_64.rpm
samba-doc-3.5.6-86.el6_1.5.x86_64.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.x86_64.rpm
samba-swat-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm
ppc64:
libsmbclient-devel-3.5.10-115.el6_2.ppc.rpm
libsmbclient-devel-3.5.10-115.el6_2.ppc64.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc64.rpm
samba-doc-3.5.10-115.el6_2.ppc64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.ppc64.rpm
samba-swat-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-devel-3.5.10-115.el6_2.ppc.rpm
samba-winbind-devel-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.ppc64.rpm
s390x:
libsmbclient-devel-3.5.10-115.el6_2.s390.rpm
libsmbclient-devel-3.5.10-115.el6_2.s390x.rpm
samba-debuginfo-3.5.10-115.el6_2.s390.rpm
samba-debuginfo-3.5.10-115.el6_2.s390x.rpm
samba-doc-3.5.10-115.el6_2.s390x.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.s390x.rpm
samba-swat-3.5.10-115.el6_2.s390x.rpm
samba-winbind-devel-3.5.10-115.el6_2.s390.rpm
samba-winbind-devel-3.5.10-115.el6_2.s390x.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.s390x.rpm
x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
==========================================================================
Ubuntu Security Notice USN-1423-1
April 13, 2012
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Samba could be made to run programs as the administrator if it received
specially crafted network traffic.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Brian Gorenc discovered that Samba incorrectly calculated array bounds when
handling remote procedure calls (RPC) over the network. (CVE-2012-1182)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
samba 2:3.5.11~dfsg-1ubuntu2.2
Ubuntu 11.04:
samba 2:3.5.8~dfsg-1ubuntu2.4
Ubuntu 10.04 LTS:
samba 2:3.4.7~dfsg-1ubuntu3.9
Ubuntu 8.04 LTS:
samba 3.0.28a-1ubuntu4.18
In general, a standard system update will make all the necessary changes.
Background
==========
Samba is a suite of SMB and CIFS client/server programs.
Affected packages
=================
-------------------------------------------------------------------
 Package          /     Vulnerable     /                Unaffected
-------------------------------------------------------------------
  1  net-fs/samba            < 3.5.15                    >= 3.5.15
Description
===========
Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details. Furthermore, a local attacker
may be able to cause a Denial of Service condition or obtain sensitive
information in a Samba credentials file.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Samba users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.5.15"
References
==========
[ 1 ] CVE-2009-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2906
[ 2 ] CVE-2009-2948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2948
[ 3 ] CVE-2010-0728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0728
[ 4 ] CVE-2010-1635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1635
[ 5 ] CVE-2010-1642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1642
[ 6 ] CVE-2010-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2063
[ 7 ] CVE-2010-3069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069
[ 8 ] CVE-2011-0719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0719
[ 9 ] CVE-2011-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1678
[ 10 ] CVE-2011-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2724
[ 11 ] CVE-2012-0870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0870
[ 12 ] CVE-2012-1182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1182
[ 13 ] CVE-2012-2111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2111
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-22.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0233 | No CVE | GE Energy D20/D200 Substation Controller Remote Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: HIGH |
The D20/D200 Substation Controller is the gateway to the SCADA master, downstream substation, and feeder of the IED. The General Electric (GE) D20ME is part of the GE D20 Substation Controller product. The General Electric D20/D200 device contains multiple buffer overflow vulnerabilities in the TFTP server, allowing remote attackers to perform denial of service attacks on devices or to execute arbitrary code in the context of the application. D20/D200 Substation Controller is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
| VAR-201204-0127 | CVE-2012-1802 | Siemens Scalance X Industrial Ethernet Buffer overflow vulnerability in switch |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. Siemens Scalance X Switches is a switch device developed by Siemens. Siemens Scalance X Switches has security vulnerabilities that can be exploited by malicious users for denial of service attacks. An error occurs when the embedded web server processes an HTTP request, so an attacker can restart the device by sending a specially crafted request to the management web interface. The following modules are affected by this vulnerability:
* Scalance X414-3E
* Scalance X308-2M
* Scalance X-300EEC
* Scalance XR-300
* Scalance X-300
Successfully exploiting this issue allows an attacker to reboot the affected device, denying service to legitimate users.
The following versions are vulnerable:
Scalance X414-3E running firmware versions prior to 3.7.1
Scalance X switches running firmware versions prior to 3.7.2.
TITLE:
Siemens Scalance X Switches HTTP Request Handling Denial of Service
SECUNIA ADVISORY ID:
SA48730
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48730/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48730
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability has been reported in Siemens Scalance X Switches,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Jürgen Bilberger, Daimler TSS GmbH.
ORIGINAL ADVISORY:
Siemens SSA-130874:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf
| VAR-201204-0202 | CVE-2012-2210 | Sony BRAVIA TV Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116. The Sony BRAVIA KDL-32CX525 is an HD LCD TV. A denial of service vulnerability exists in Sony BRAVIA TV that originated from errors in processing datagrams. An attacker could exploit the vulnerability to cause a device to stop responding and eventually shut down with a brute force attack. This vulnerability exists in the KDL-32CX525 release and other versions may be affected. Bravia Tv is prone to a denial-of-service vulnerability.
TITLE:
Sony BRAVIA TV Datagram Flooding Denial of Service
SECUNIA ADVISORY ID:
SA48705
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48705/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48705
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability has been reported in Sony BRAVIA TV, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is reported in KDL-32CX525.
SOLUTION:
No fix is currently available.
PROVIDED AND/OR DISCOVERED BY:
Gabriel Menezes Nunes
ORIGINAL ADVISORY:
Gabriel Menezes Nunes:
http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html
| VAR-201301-0110 | CVE-2012-6068 | CoDeSys Access Security Bypass Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: HIGH |
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. CoDeSys is a PLC software programming tool that supports the six PLC programming languages of the IEC 61131-3 standard: IL, ST, FBD, LD, CFC, and SFC. CoDeSys has an access verification bypass vulnerability that allows an attacker to gain unauthorized access or to perform unauthorized configuration changes, including arbitrary code execution. The CoDeSys Runtime Toolkit does not require user authentication when connecting devices, allowing an attacker to gain administrator privileges on the device and thereby control the application device. The WAGO IPC 758-870 is prone to a security-bypass vulnerability caused by a hard-coded password. CoDeSys is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authentication.
Successfully exploiting this issue may also result in arbitrary code execution. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys.
TITLE:
CoDeSys Authentication Bypass and Directory Traversal Vulnerabilities
SECUNIA ADVISORY ID:
SA51847
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51847/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51847
RELEASE DATE:
2013-01-14
DESCRIPTION:
Digital Bond has reported two vulnerabilities in CoDeSys, which can
be exploited by malicious people to bypass certain security
restrictions and compromise a vulnerable system.
1) An error within the authentication mechanism does not properly
restrict access to the device and can be exploited to perform certain
administrative tasks.
2) Certain input passed to the file transfer functionality is not
properly verified before being used to access files. This can be
exploited to read, delete, or upload arbitrary files via directory
traversal sequences.
The vulnerabilities are reported in versions 2.3.x and 2.4.x.
SOLUTION:
Apply patches (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY:
Reid Wightman, Digital Bond.
ORIGINAL ADVISORY:
ICS-CERT (ICSA-13-011-01):
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
CoDeSys:
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
SEC Consult Vulnerability Lab Security Advisory < 20171130-0 >
=======================================================================
title: Critical CODESYS vulnerabilities
product: WAGO PFC 200 Series, see "Vulnerable / tested versions"
vulnerable version: plclinux_rt 2.4.7.0, see "Vulnerable / tested versions"
fixed version: PFC200 FW11
CVE number: -
impact: critical
homepage: https://www.codesys.com
found: 2017-07-28
by: T. Weber (Office Vienna)
SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for
decentralized automation tasks. With the relay, function and interface
modules, as well as overvoltage protection, WAGO provides a suitable interface
for any application."
Source: http://global.wago.com/en/products/product-catalog/components-automation/overview/index.jsp
"The PFC family of controllers offers advanced compact, computing power for PLC
programming and process visualization. Programmable in accordance with IEC 61131-3
600, PFC controllers feature a 600 MHz ARM Cortex A8 processor that offers high
speed processing and support of 64 bit variables."
Source:
http://www.wago.us/products/components-for-automation/modular-io-system-series-750-753/programmable-fieldbus-controller/pfc200/index.jsp
Business recommendation:
------------------------
Because of the use in industrial and safety-critical environments the patch has
to be applied as soon as it is available. We explicitly point out to all users
in this sector that devices in the mentioned device series with
firmware 02.07.07(10) should not be connected directly to the internet (or even
act as gateway) since it is very likely that an attacker can compromise the
whole network via such a device.
SEC Consult recommends not to use this product in a production environment
until a thorough security review has been performed by security professionals.
Vulnerability overview/description:
-----------------------------------
The "plclinux_rt" service accepts different unauthenticated actions.
This vulnerability contains the architectural security problems described by
Reid Wightman. The SDK of "plclinux_rt" is written by the same vendor (3S).
Therefore, the file commands of "Digital Bond's 3S CODESYS Tools", created
around 2012 are applicable.
(See https://ics-cert.us-cert.gov/advisories/ICSA-13-011-01)
The CODESYS command-line is protected with login credentials, that's why the
shell of the mentioned tools does not provide root access out of the box. But
after some investigation it was clear that there are further functions which
are reachable without using the command-line and without any authentication.
These functions in "plclinux_rt" can be triggered by sending the correct
TCP payload on the bound port (by default 2455).
Some of the triggerable functions are:
* Arbitrary file read/write/delete (also covered by "Digital Bond's Tools")
* Step over a function in the currently executed PLC program
* Cycle step any function in the currently executed PLC program
* Delete the current variable list of the currently executed PLC program
* And more functions...
Since SSH is activated by default, an unauthenticated attacker can rewrite
"/etc/shadow" and gain root privileges easily via these attack vectors!
1) Critical Improper Authentication / Design Issue
Files can be fetched, written and deleted. Running tasks on the PLC can be
restarted, stepped and crashed.
An attacker can therefore replace the password hash in the shadow file. A
memory corruption (and potential reverse-shell) is also possible via arbitrary
TCP packets.
There are potentially more commands which can be triggered, but this was not
covered by the short security crash test.
Proof of concept:
-----------------
As there is no patch available yet, the detailed proof of concept information has
been removed from this advisory.
1) Critical Improper Authentication / Design Issue
Two payloads are specified here as proof of concept for file manipulation.
Four payloads for live program manipulation are also listed.
File read and delete without any authentication.
Read "/etc/shadow":
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Delete "/etc/test":
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Running PLC tasks could be modified with the following payloads:
Step over function:
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Cycle step function:
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Delete variable list (produces stack-trace / denial of service):
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
The actual function is chosen by the 7th byte in the latter payloads. E.g.:
0x31 -> read file
0x36 -> delete file
0x0a -> step over
0x24 -> cycle step
0x15 -> delete variable list
There are many more functions hidden in the "plclinux_rt" binary. This
is just an excerpt of a few available functions.
These functions can be examined from "SrvComputeService". Two pseudo code
snippets generated by IDA Pro show some examples (the functionality can be
quickly determined from the corresponding debug message):
[PoC removed from this advisory]
Vulnerable / tested versions:
-----------------------------
WAGO PFC200 Series / Firmware 02.07.07(10)
(17 affected devices)
750-8202
750-8202/025-000
750-8202/025-001
750-8202/025-002
750-8202/040-001
750-8203
750-8203/025-000
750-8204
750-8204/025-000
750-8206
750-8206/025-000
750-8206/025-001
750-8207
750-8207/025-000
750-8207/025-001
750-8208
750-8208/025-000
The WAGO contact stated during a call that all PLCs of the 750-88X Series are not
vulnerable due to a custom fix from WAGO. The contact also stated that the PLCs
of the 750-810X (PFC100) series are also not vulnerable because they have
CODESYS 3.5 deployed.
Devices of any other vendor which use the CODESYS 2.3.X/2.4.X runtime are
potentially prone to the same vulnerability.
Vendor contact timeline:
------------------------
2017-08-02: Contacting vendor through info@wago.com and set the
publication date to 2017-09-21.
2017-08-09: Sending a reminder to info@wago.com
2017-08-16: Found a dedicated security contact of WAGO. Contacting
this employee via e-mail.
2017-08-17: Contact responds that he will read the redirected e-mail
from info@wago.com. Sending e-mail to contact that the
message sent to info@wago.com does not contain the actual
advisory and that an encrypted channel should be used for
transmission.
2017-08-22: Sending reminder to contact and re-transmitting the
responsible disclosure policy and all possible ways
to transmit the advisory.
2017-08-29: Uploading advisory to WAGO ShareFile.
2017-09-15: Telephone call with WAGO contact. Discussion about the
vulnerability. Fix will be available in the next firmware
version. Vendor clarified that series 750-88X is not prone
to the reported vulnerability. Set the publication date to
2017-09-28.
2017-09-26: Telephone call with vendor. Vendor is working on a fix of
the vulnerabilities. Set the publication date to 2017-10-12.
2017-10-06: Sending a reminder to the vendor; No answer.
2017-10-11: Sending a reminder to the vendor. Vendor states that they
are working on an update and a timeline for the fix will
be provided on 2017-10-13.
2017-10-13: Asked for an update; No answer.
2017-10-17: Informing the vendor that the publication date was set to
2017-10-23.
2017-10-19: Vendor responds that vulnerability in PFC200 series will be
patched in firmware version FW12. Set publication date to
2017-10-27 and asked the vendor for a time-line regarding
the PFC100 series.
2017-10-20: Vendor responds that PFC100 series is not vulnerable since
it does not contain CODESYS 2.4 run-time. Vendor corrected
the firmware to version FW11. The patch will be available
in January 2018.
2017-10-30: Informed vendor that the advisory will be published on
2017-11-30.
2017-11-30: Advisory release
Solution:
---------
Update your WAGO PFC200 Series to firmware version FW11 as soon as it is
available. In the meantime, see the workaround section.
Workaround:
-----------
Delete "plclinux_rt" or close the programming port (2455).
Network access to the device should be restricted.
Advisory URL:
-------------
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
| VAR-201204-0124 | CVE-2012-1799 | Siemens Scalance Firewall Brute Force Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The web configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay after a failed login, allowing an attacker to try a large number of passwords in a short period of time and perform brute-force attacks. The following devices are affected by this vulnerability:
* Scalance S602 V2
* Scalance S612 V2
* Scalance S613 V2
An error in the handling of the Profinet DCP protocol can make the firewall unresponsive or interrupt an established VPN tunnel when it receives a specially crafted DCP frame. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness.
Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. There was an error in the Profinet DCP protocol processing. The vulnerability is due to the unlimited number of authentication attempts.
TITLE:
Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID:
SA48680
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48680/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48680
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability and a weakness have been reported in Siemens Scalance
Firewall, which can be exploited by malicious people to conduct
brute-force attacks or cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State
University.
ORIGINAL ADVISORY:
Siemens SSA-268149:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
----------------------------------------------------------------------
| VAR-201204-0270 | No CVE | Sony Bravia 'hping' Command Remote Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The Sony Bravia KDL-32CX525 is a smart TV device. The Sony Bravia KDL-32CX525 has a security vulnerability that allows an attacker to crash an application and cause a denial of service. Sony Bravia is prone to a remote denial-of-service vulnerability.
| VAR-201204-0125 | CVE-2012-1800 | Siemens Scalance S Security Module firewall Buffer Overflow Vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The web configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay after a failed login, allowing an attacker to try a large number of passwords in a short period of time and perform brute-force attacks. The following devices are affected by this vulnerability:
* Scalance S602 V2
* Scalance S612 V2
* Scalance S613 V2
An error in the handling of the Profinet DCP protocol can make the firewall unresponsive or interrupt an established VPN tunnel through a specially crafted DCP frame. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute-force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness.
Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. There is an error in Profinet DCP protocol processing.
----------------------------------------------------------------------
TITLE:
Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID:
SA48680
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48680/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48680
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability and a weakness have been reported in Siemens Scalance
Firewall, which can be exploited by malicious people to conduct
brute-force attacks or cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State
University.
ORIGINAL ADVISORY:
Siemens SSA-268149:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
----------------------------------------------------------------------
| VAR-201204-0226 | CVE-2012-2053 | Vulnerability in the sudoers file of F5 FirePass that allows privileges to be gained |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. This is a different vulnerability from CVE-2012-1777. Local users may gain privileges through the sudo program. FirePass is prone to a local security vulnerability. This vulnerability has been verified with a user account capable of executing PHP scripts.
| VAR-201204-0126 | CVE-2012-1801 | Stack-based buffer overflow vulnerability in multiple ABB products |
CVSS V2: 7.7 CVSS V3: - Severity: HIGH |
Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data. ABB is a leader in power and automation technology among the world's top 500 companies. Multiple ABB products include COM and ActiveX controls that do not adequately check user input data; an attacker can build a malicious web page and convince a user to load it, overflowing the stack pointer or causing the control to stop. Multiple ABB products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control (typically Internet Explorer).
----------------------------------------------------------------------
TITLE:
ABB Multiple Products ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA48693
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48693/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48693
RELEASE DATE:
2012-04-05
DESCRIPTION:
A vulnerability has been reported in various ABB products, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in an unspecified ActiveX
control and can be exploited to cause a stack-based buffer overflow.
Successful exploitation may allow execution of arbitrary code. Instead, set the kill-bit for the
affected ActiveX control (contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY:
Terry McCorkle and Billy Rios
ORIGINAL ADVISORY:
ABB-VU-DMRO-41532:
http://www.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf
ICSA-12-095-01:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01.pdf
----------------------------------------------------------------------
| VAR-201209-0459 | CVE-2012-4891 | Cross-site scripting vulnerability in fw/index2.do of ManageEngine Firewall Analyzer |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. fw/index2.do in ManageEngine Firewall Analyzer contains a cross-site scripting vulnerability. ZOHO ManageEngine Firewall Analyzer is a set of web-based firewall log analysis tools from ZOHO, USA. It can collect, correlate, analyze and report on logs from firewalls, proxy servers and RADIUS servers throughout the enterprise.
----------------------------------------------------------------------
TITLE:
ManageEngine Firewall Analyzer Multiple Cross-Site Scripting
Vulnerabilities
SECUNIA ADVISORY ID:
SA48657
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48657/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48657
RELEASE DATE:
2012-04-02
DESCRIPTION:
Vulnerability Lab has discovered multiple vulnerabilities in
ManageEngine Firewall Analyzer, which can be exploited by malicious
people to conduct cross-site scripting attacks.
Input passed via the "subTab" parameter to fw/createAnomaly.do, the
"url" parameter to fw/mindex.do, the "url" and "tab" parameters to
fw/index2.do, and the "port" parameter to fw/syslogViewer.do is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are confirmed in version 7.2. Other versions may
also be affected.
SOLUTION:
Filter malicious characters and character sequences using a proxy.
PROVIDED AND/OR DISCOVERED BY:
Vulnerability Lab.
ORIGINAL ADVISORY:
http://www.vulnerability-lab.com/get_content.php?id=437
----------------------------------------------------------------------
| VAR-201204-0145 | CVE-2012-0228 | Invensys Wonderware Information Server access restriction bypass vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201204-0164 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Invensys Wonderware Information Server provides graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. Invensys Wonderware Information Server is prone to multiple security vulnerabilities, including:
1. A cross-site scripting vulnerability
2. A SQL-injection vulnerability
3. A security-bypass vulnerability
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, steal cookie-based authentication credentials, perform unauthorized actions, obtain sensitive information, redirect a user to a potentially malicious site, cause a denial-of-service condition and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.
----------------------------------------------------------------------
TITLE:
Invensys Wonderware Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48603
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48603/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48603
RELEASE DATE:
2012-04-03
DESCRIPTION:
Multiple vulnerabilities have been reported in Wonderware Information
Server and Invensys Wonderware Historian Client, which can be
exploited by malicious people to conduct cross-site scripting
attacks, conduct SQL injection attacks, bypass certain security
restrictions, and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
2) Certain unspecified input is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in Wonderware Information Server
versions 4.0 SP1 and 4.5 and Invensys Wonderware Historian Client
versions prior to 10 SP3.
SOLUTION:
Install patch. Please see original advisory for more information.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Terry McCorkle and Billy Rios.
ORIGINAL ADVISORY:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
----------------------------------------------------------------------
| VAR-201204-0175 | CVE-2012-0225 | Invensys Wonderware Information Server Cross-Site Scripting Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201204-0164 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Invensys Wonderware Information Server provides graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. Invensys Wonderware Information Server is prone to multiple security vulnerabilities, including:
1. A cross-site scripting vulnerability
2. A SQL-injection vulnerability
3. A security-bypass vulnerability
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, steal cookie-based authentication credentials, perform unauthorized actions, obtain sensitive information, redirect a user to a potentially malicious site, cause a denial-of-service condition and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.
----------------------------------------------------------------------
TITLE:
Invensys Wonderware Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48603
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48603/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48603
RELEASE DATE:
2012-04-03
DESCRIPTION:
Multiple vulnerabilities have been reported in Wonderware Information
Server and Invensys Wonderware Historian Client, which can be
exploited by malicious people to conduct cross-site scripting
attacks, conduct SQL injection attacks, bypass certain security
restrictions, and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
2) Certain unspecified input is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
3) An unspecified error in client controls can be exploited to bypass
certain security restrictions.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in Wonderware Information Server
versions 4.0 SP1 and 4.5 and Invensys Wonderware Historian Client
versions prior to 10 SP3.
SOLUTION:
Install patch. Please see original advisory for more information.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Terry McCorkle and Billy Rios.
ORIGINAL ADVISORY:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
----------------------------------------------------------------------
| VAR-201204-0176 | CVE-2012-0226 | Invensys Wonderware Information Server SQL Injection Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201204-0164 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Invensys Wonderware Information Server provides graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. Invensys Wonderware Information Server is prone to multiple security vulnerabilities, including:
1. A cross-site scripting vulnerability
2. A SQL-injection vulnerability
3. A security-bypass vulnerability
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, steal cookie-based authentication credentials, perform unauthorized actions, obtain sensitive information, redirect a user to a potentially malicious site, cause a denial-of-service condition and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.
----------------------------------------------------------------------
TITLE:
Invensys Wonderware Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48603
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48603/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48603
RELEASE DATE:
2012-04-03
DESCRIPTION:
Multiple vulnerabilities have been reported in Wonderware Information
Server and Invensys Wonderware Historian Client, which can be
exploited by malicious people to conduct cross-site scripting
attacks, conduct SQL injection attacks, bypass certain security
restrictions, and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
2) Certain unspecified input is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
3) An unspecified error in client controls can be exploited to bypass
certain security restrictions.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in Wonderware Information Server
versions 4.0 SP1 and 4.5 and Invensys Wonderware Historian Client
versions prior to 10 SP3.
SOLUTION:
Install patch. Please see original advisory for more information.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Terry McCorkle and Billy Rios.
ORIGINAL ADVISORY:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
----------------------------------------------------------------------
| VAR-201204-0035 | CVE-2012-2439 | NetGear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N Router Security Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. The Netgear FVS318N has an issue where remote administration is enabled by default. An attacker can bypass the restrictions and access the device management web interface.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. ProSafe FVS318N is prone to a remote security vulnerability.
| VAR-201204-0036 | CVE-2012-2440 | TP-Link 8840T DSL Router Security Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. The TP-Link 8840T has a problem where the remote management feature is enabled by default. The TP-Link 8840T is an ADSL router with a built-in modem. Because the remote management function is enabled by default, the management screen may be accessed from the outside. A remote attacker may access the product management screen and change the settings. The TP-Link 8840T is a DSL router. Unauthenticated remote attackers can bypass the security restrictions to access the web interface. TP-Link 8840T is prone to a security-bypass vulnerability.