VARIoT IoT vulnerabilities database

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. Symantec Messaging Gateway is prone to a security-bypass vulnerability. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Symantec Messaging Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 RELEASE DATE: 2012-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks. 1) Certain input passed via web or email content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page. 3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application. 4) The weakness is caused due to the application disclosing detailed component version information. The vulnerabilities are reported in versions 9.5.x and prior. SOLUTION: Upgrade to version 10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure. ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. A security vulnerability exists in the Symantec Messaging Gateway application. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Symantec Messaging Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 RELEASE DATE: 2012-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks. 1) Certain input passed via web or email content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page. 3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application. The vulnerabilities are reported in versions 9.5.x and prior. SOLUTION: Upgrade to version 10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure. ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. Allows non-privileged users to exploit this vulnerability to gain privileged access to the application. Successful attacks can allow an attacker to obtain sensitive information, bypass certain security restrictions, and perform unauthorized administrative actions. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Symantec Messaging Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 RELEASE DATE: 2012-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks. 1) Certain input passed via web or email content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page. 3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application. 4) The weakness is caused due to the application disclosing detailed component version information. The vulnerabilities are reported in versions 9.5.x and prior. SOLUTION: Upgrade to version 10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure. ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Symantec Messaging Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 RELEASE DATE: 2012-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks. 1) Certain input passed via web or email content is not properly sanitised before being returned to the user. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page. 3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application. 4) The weakness is caused due to the application disclosing detailed component version information. The vulnerabilities are reported in versions 9.5.x and prior. SOLUTION: Upgrade to version 10. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure. ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class. Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions. Oracle Provided by Java 7 Any OS A vulnerability exists that allows the command to be executed. Oracle Provided by Java 7 Is Java Any sandbox is avoided OS A vulnerability exists that allows the command to be executed. Attack code using this vulnerability has been released and attacks have been observed.Crafted Java By opening a web page with an applet embedded, OS The command may be executed. An attacker can exploit this issue to bypass Java sandbox restrictions and load additional classes to execute arbitrary code in the context of the application. This vulnerability affects Oracle JRE 1.7.0 Update 6; prior versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:1221-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1221.html Issue date: 2012-09-03 CVE Names: CVE-2012-0547 CVE-2012-1682 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. (CVE-2012-0547) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476) 853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0547.html https://www.redhat.com/security/data/cve/CVE-2012-1682.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.4/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQRKwlXlSAg2UNWIIRAuBpAJ9PVRcgXwYAfcHDVDY+XnH8eZ/EvACfZ3rd /XJCTtikB1oO+KTYuOUgdEM= =VrOF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Further information about these flaws can be found on the Oracle Java SE Security Alert page, listed in the References section. Web browsers using the Java 7 plug-in are at high risk. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack). Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available. Solution Disable Java in web browsers This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, disable Java in web browsers. Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client: For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab. If you are unable to update to Java 7 Update 10 please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per browser basis. References * Vulnerability Note VU#625617 <http://www.kb.cert.org/vuls/id/625617> * Setting the Security Level of the Java Client <http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html> * The Security Manager <http://docs.oracle.com/javase/tutorial/essential/environment/security.html> * How to disable the Java web plug-in in Safari <https://support.apple.com/kb/HT5241> * How to turn off Java applets <https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets> * NoScript <http://noscript.net/> * Securing Your Web Browser <https://www.us-cert.gov/reading_room/securing_browser/#Safari> * Vulnerability Note VU#636312 <http://www.kb.cert.org/vuls/id/636312#solution> Revision History January 10, 2013: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA13-010A Feedback VU#625617" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization

Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter

Race condition in DefenseWall Personal Firewall 3.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack

Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack

Race condition in PC Tools Firewall Plus 6.0.0.88 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This issue has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE This is called an attack. May be

Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack

Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple iChat is a video chat tool bundled with Apple's family of operating systems

Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack

RuggedCom is a provider of communication network solutions. The RuggedCom Rugged Operating System has an SSL private key reuse vulnerability that allows an attacker to exploit and exploit encrypted traffic. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: RuggedCom Rugged Operating System SSL Private Key Reuse Vulnerability SECUNIA ADVISORY ID: SA50364 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50364/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50364 RELEASE DATE: 2012-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/50364/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50364/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50364 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RuggedCom Rugged Operating System, which can be exploited by malicious people to conduct spoofing attacks. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Justin W. Clarke ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-234-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter. As a result, denial of service ( DoS ) Attacks, information leaks, privilege escalation, etc. may occur. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Websense Content Gateway "menu" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA50368 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50368/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50368 RELEASE DATE: 2012-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/50368/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50368/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50368 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Websense Content Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "menu" parameter to monitor/m_overview.ink is not properly sanitised before being returned to the user. The vulnerability is reported in versions prior to 7.7.3. SOLUTION: No official solution is currently available. Reportedly the vendor is planning the release of a fixed version 7.7.3 in December 2012. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Steven Sim Kok Leong. ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/318779 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter. Barracuda Link Balancer Series Firmware is prone to a cross-site scripting vulnerability

The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. A remote attacker could exploit this vulnerability to execute arbitrary commands through an unknown vector

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. Websense Email Security is an email security solution. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks

Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. A remote attacker could leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Exploiting the security-bypass vulnerability allows attackers to bypass security restrictions and obtain sensitive information or perform unauthorized actions. Exploiting the directory-traversal issue allows attackers to use directory-traversal strings to download arbitrary files in the context of the affected application. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50408 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50408/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50408 RELEASE DATE: 2012-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/50408/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50408/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50408 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in McAfee Email and Web Security Appliance and Email Gateway, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 1) An unspecified error within the authentication mechanism can be exploited to gain administrative privileges. 2) Certain input passed to the web interface is not properly verified before being used to download files. This can be exploited to download arbitrary files from local resources via directory traversal sequences. 3) Certain unspecified input is not properly sanitised before being returned to the user. The vulnerabilities are reported in the following products: * McAfee Email Gateway (MEG) versions 7.0.0 and 7.0.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Tenable Network Security. ORIGINAL ADVISORY: https://kc.mcafee.com/corporate/index?page=content&id=SB10026 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. McAfee Email and Web Security Appliance and Email Gateway are prone to a cross-site scripting vulnerability, a directory-traversal vulnerability, and a security-bypass vulnerability. A remote attacker could leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Exploiting the security-bypass vulnerability allows attackers to bypass security restrictions and obtain sensitive information or perform unauthorized actions. Exploiting the directory-traversal issue allows attackers to use directory-traversal strings to download arbitrary files in the context of the affected application. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50408 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50408/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50408 RELEASE DATE: 2012-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/50408/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50408/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50408 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in McAfee Email and Web Security Appliance and Email Gateway, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 1) An unspecified error within the authentication mechanism can be exploited to gain administrative privileges. 2) Certain input passed to the web interface is not properly verified before being used to download files. This can be exploited to download arbitrary files from local resources via directory traversal sequences. 3) Certain unspecified input is not properly sanitised before being returned to the user. The vulnerabilities are reported in the following products: * McAfee Email Gateway (MEG) versions 7.0.0 and 7.0.1. * McAfee Email and Web Security (EWS) versions 5.6 Patch 3 and prior * McAfee Email and Web Security (EWS) versions 5.5 Patch 6 and prior SOLUTION: Apply patches if available (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: The vendor credits Tenable Network Security. ORIGINAL ADVISORY: https://kc.mcafee.com/corporate/index?page=content&id=SB10026 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. A remote attacker could leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Exploiting the security-bypass vulnerability allows attackers to bypass security restrictions and obtain sensitive information or perform unauthorized actions. Exploiting the directory-traversal issue allows attackers to use directory-traversal strings to download arbitrary files in the context of the affected application. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50408 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50408/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50408 RELEASE DATE: 2012-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/50408/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50408/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50408 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in McAfee Email and Web Security Appliance and Email Gateway, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 1) An unspecified error within the authentication mechanism can be exploited to gain administrative privileges. 2) Certain input passed to the web interface is not properly verified before being used to download files. This can be exploited to download arbitrary files from local resources via directory traversal sequences. 3) Certain unspecified input is not properly sanitised before being returned to the user. The vulnerabilities are reported in the following products: * McAfee Email Gateway (MEG) versions 7.0.0 and 7.0.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Tenable Network Security. ORIGINAL ADVISORY: https://kc.mcafee.com/corporate/index?page=content&id=SB10026 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------