VARIoT IoT vulnerabilities database
VAR-200602-0025 | CVE-2006-0486 | Cisco IOS of AAA Vulnerability to execute arbitrary commands in command authorization function |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ AAA (authentication, authorization, and accounting) Authentication, authorization, and billing management for network usage ( Access management ) It is a mechanism for doing. Cisco IOS Then AAA It is possible to determine the privilege level of the authenticated user by using and to set authorization for specific commands for each level. Cisco IOS Implemented in AAA The command authorization function includes Tcl Shell mode (tclsh) There is a problem that authorization check is not properly executed for the command executed by. Tcl Shell mode is supported AAA Use the command authorization function IOS A device may be able to execute arbitrary commands with elevated privileges if exploited by a local attacker.Please refer to the “Overview” for the impact of this vulnerability. Cisco IOS is prone to a remote AAA command authorization-bypass vulnerability.
This issue allows remote attackers to bypass AAA command authorization checks and to gain elevated access to affected devices.
This issue is documented by Cisco bug ID CSCeh73049http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeh73049.
TITLE:
Cisco IOS AAA Command Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA18613
VERIFY ADVISORY:
http://secunia.com/advisories/18613/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
Local system
OPERATING SYSTEM:
Cisco IOS R12.x
http://secunia.com/product/50/
Cisco IOS 12.x
http://secunia.com/product/182/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Note: It has also been reported that an authenticated user is
automatically placed into the Tcl Shell mode if a previous user goes
into Tcl Shell mode and terminates the session before leaving the Tcl
Shell mode. This may help to exacerbate the vulnerability.
SOLUTION:
Fixes are available (see patch matrix in vendor advisory).
http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Nicolas Fischbach of COLT Telecom.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0385 | CVE-2006-0336 | Kerio WinRoute Firewall Web Browse denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability.
An attacker can exploit this vulnerability to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. There are loopholes in Kerio WinRoute's handling of specific web browsing operations, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall.
TITLE:
Kerio WinRoute Firewall Web Browsing Denial of Service
SECUNIA ADVISORY ID:
SA18589
VERIFY ADVISORY:
http://secunia.com/advisories/18589/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
Kerio WinRoute Firewall 6.x
http://secunia.com/product/3613/
DESCRIPTION:
A vulnerability has been reported in Kerio WinRoute Firewall, which
potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
SOLUTION:
Update to version 6.1.4 Patch 2.
http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.kerio.com/kwf_history.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0384 | CVE-2006-0335 | Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. Kerio WinRoute Firewall is prone to multiple denial of service vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. Kerio WinRoute has loopholes when processing specific HTML data, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall.
TITLE:
Kerio WinRoute Firewall Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA18542
VERIFY ADVISORY:
http://secunia.com/advisories/18542/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
Kerio WinRoute Firewall 6.x
http://secunia.com/product/3613/
DESCRIPTION:
Two vulnerabilities have been reported in Kerio WinRoute Firewall,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
1) An error in the handling of certain data when performing HTML
content filtering may be exploited to cause a DoS.
2) An error in the handling of overly long strings fetched from the
Active Directory may be exploited to cause a DoS.
Some other errors, which may be security related, have also been
fixed.
SOLUTION:
Update to version 6.1.4 Patch 1.
http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.kerio.com/kwf_history.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0368 | CVE-2006-0337 | plural F-Secure Anti-Virus Buffer overflow vulnerability in products |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. plural F-Secure Anti-Virus The product contains a buffer overflow vulnerability.Arbitrary code could be executed by a third party. F-Secure is prone to multiple vulnerabilities when handling archives of various formats.
The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise.
Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection.
TITLE:
F-Secure Anti-Virus Archive Handling Vulnerabilities
SECUNIA ADVISORY ID:
SA18529
VERIFY ADVISORY:
http://secunia.com/advisories/18529/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, System access
WHERE:
>From remote
SOFTWARE:
F-Secure Personal Express 6.x
http://secunia.com/product/6885/
F-Secure Internet Security 2006
http://secunia.com/product/6883/
F-Secure Internet Security 2005
http://secunia.com/product/4300/
F-Secure Internet Security 2004
http://secunia.com/product/3499/
F-Secure Internet Gatekeeper for Linux 2.x
http://secunia.com/product/4635/
F-Secure Internet Gatekeeper 6.x
http://secunia.com/product/3339/
F-Secure Anti-Virus for Workstations 5.x
http://secunia.com/product/457/
F-Secure Anti-Virus for Windows Servers 5.x
http://secunia.com/product/452/
F-Secure Anti-Virus for Samba Servers 4.x
http://secunia.com/product/3501/
F-Secure Anti-Virus for MIMEsweeper 5.x
http://secunia.com/product/455/
F-Secure Anti-Virus for Microsoft Exchange 6.x
http://secunia.com/product/454/
F-Secure Anti-Virus for Linux 4.x
http://secunia.com/product/3165/
F-Secure Anti-Virus for Firewalls 6.x
http://secunia.com/product/451/
F-Secure Anti-Virus for Citrix Servers 5.x
http://secunia.com/product/5198/
F-Secure Anti-Virus Client Security 6.x
http://secunia.com/product/5786/
F-Secure Anti-Virus Client Security 5.x
http://secunia.com/product/2718/
F-Secure Anti-Virus 5.x
http://secunia.com/product/3334/
F-Secure Anti-Virus 2006
http://secunia.com/product/6882/
F-Secure Anti-Virus 2005
http://secunia.com/product/4299/
F-Secure Anti-Virus 2004
http://secunia.com/product/3500/
DESCRIPTION:
Some vulnerabilities have been reported in various F-Secure products,
which can be exploited by malware to bypass detection or malicious
people to compromise a vulnerable system.
2) An error in the scanning functionality when processing RAR and ZIP
archives can be exploited to prevent malware from being detected.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Thierry Zoller.
ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2006-1.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0369 | CVE-2006-0338 | F-Secure Multiple Archive File Handling Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. F-Secure is prone to multiple vulnerabilities when handling archives of various formats.
The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise.
Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection.
TITLE:
F-Secure Anti-Virus Archive Handling Vulnerabilities
SECUNIA ADVISORY ID:
SA18529
VERIFY ADVISORY:
http://secunia.com/advisories/18529/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, System access
WHERE:
>From remote
SOFTWARE:
F-Secure Personal Express 6.x
http://secunia.com/product/6885/
F-Secure Internet Security 2006
http://secunia.com/product/6883/
F-Secure Internet Security 2005
http://secunia.com/product/4300/
F-Secure Internet Security 2004
http://secunia.com/product/3499/
F-Secure Internet Gatekeeper for Linux 2.x
http://secunia.com/product/4635/
F-Secure Internet Gatekeeper 6.x
http://secunia.com/product/3339/
F-Secure Anti-Virus for Workstations 5.x
http://secunia.com/product/457/
F-Secure Anti-Virus for Windows Servers 5.x
http://secunia.com/product/452/
F-Secure Anti-Virus for Samba Servers 4.x
http://secunia.com/product/3501/
F-Secure Anti-Virus for MIMEsweeper 5.x
http://secunia.com/product/455/
F-Secure Anti-Virus for Microsoft Exchange 6.x
http://secunia.com/product/454/
F-Secure Anti-Virus for Linux 4.x
http://secunia.com/product/3165/
F-Secure Anti-Virus for Firewalls 6.x
http://secunia.com/product/451/
F-Secure Anti-Virus for Citrix Servers 5.x
http://secunia.com/product/5198/
F-Secure Anti-Virus Client Security 6.x
http://secunia.com/product/5786/
F-Secure Anti-Virus Client Security 5.x
http://secunia.com/product/2718/
F-Secure Anti-Virus 5.x
http://secunia.com/product/3334/
F-Secure Anti-Virus 2006
http://secunia.com/product/6882/
F-Secure Anti-Virus 2005
http://secunia.com/product/4299/
F-Secure Anti-Virus 2004
http://secunia.com/product/3500/
DESCRIPTION:
Some vulnerabilities have been reported in various F-Secure products,
which can be exploited by malware to bypass detection or malicious
people to compromise a vulnerable system.
2) An error in the scanning functionality when processing RAR and ZIP
archives can be exploited to prevent malware from being detected.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Thierry Zoller.
ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2006-1.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0325 | CVE-2006-0367 | Cisco CallManager CCMAdmin Remote privilege elevation vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page.". Cisco CallManager is susceptible to a remote privilege escalation vulnerability. This issue is due to a failure of the application to properly enforce access controls. This issue is only exploitable when Multi Level Administration is enabled, and users are granted read-only administrative access via the CCMAdmin Web interface.
TITLE:
Cisco Call Manager CCMAdmin Privilege Escalation
SECUNIA ADVISORY ID:
SA18501
VERIFY ADVISORY:
http://secunia.com/advisories/18501/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
SOFTWARE:
Cisco CallManager 4.x
http://secunia.com/product/5363/
Cisco CallManager 3.x
http://secunia.com/product/2805/
DESCRIPTION:
A vulnerability has been reported in Cisco CallManager, which can be
exploited by malicious users to gain escalated privileges.
The vulnerability is caused due to an error in the CCMAdmin web page.
The vulnerability affects the following versions:
* Cisco CallManager 3.2 and earlier
* Cisco CallManager 3.3, versions earlier than 3.3(5)SR1
* Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c
* Cisco CallManager 4.1, versions earlier than 4.1(3)SR2
SOLUTION:
Fixes are available (see patch matrix in vendor advisory).
http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml#software
PROVIDED AND/OR DISCOVERED BY:
The vendor credits CNLabs of Switzerland.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0371 | CVE-2006-0340 | Cisco IOS of SGBP Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. Cisco IOS SGBP is prone to a remote denial of service vulnerability.
This issue arises on devices that have been configured to run SGBP.
A successful attack causes a device to hang and fail to respond to further requests. It should be noted that a system watchdog timer will detect this condition after a delay and restart the device. Internet Operating System (IOS) is an operating system used on CISCO routers. Remote attackers can use this loophole to launch denial-of-service attacks on the device. A specially crafted UPD message can cause a denial of service in the Cisco IOS-provided SGBP implementation. Sending the above message to port 9900 of an affected device can cause it to freeze and stop responding or transmitting traffic.
The vulnerability is caused due to an error in the handling of the
SGBP protocol (Stack Group Bidding Protocol). This can be exploited
to cause a vulnerable device to become unresponsive and trigger a
hardware reset by sending a specially crafted UDP datagram to port
9900.
SOLUTION:
Fixes are available for IOS 12.0, 12.1, 12.2, 12.3, and 12.4 (see
patch matrix in vendor advisory).
http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0270 | CVE-2006-0309 | Linksys BEFVP41 IP Option Remote Denial of Service Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. Linksys BEFVP41 routers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic.
This issue allows remote attackers to crash affected devices, denying service to legitimate users.
Reportedly, attackers must be located on the internal network, and be able to pass traffic through the router to exploit this issue. It may also be possible from the external side of the network, but this has not been confirmed.
The vulnerability has been reported in version 2.0 with firmware
revision 1.01.04.
SOLUTION:
Use the device on trusted networks only.
PROVIDED AND/OR DISCOVERED BY:
Paul
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0326 | CVE-2006-0368 | Cisco CallManager Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. Cisco CallManager There is a service disruption (DoS) There are vulnerabilities that are put into a state.Service disruption by a third party (DoS) There is a possibility of being put into a state. CallManager is susceptible to multiple remote denial of service vulnerabilities.
These issues are documented in Cisco bugs CSCea53907, CSCsa86197, CSCsb16635 and CSCsb64161, which are available to Cisco customers.
Attackers may exploit these vulnerabilities to crash the affected service, effectively denying service to legitimate users. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Under certain circumstances, CCM will keep the TCP connection open indefinitely until the CCM service is restarted or the server is restarted. Successful exploitation of these vulnerabilities could result in a denial of service attack, causing high CPU usage, interrupting service, or restarting the server, which could then cause the phone to become unresponsive, log off the phone from the CCM, or restart the CCM.
TITLE:
Cisco CallManager Connection Handling Denial of Service
SECUNIA ADVISORY ID:
SA18494
VERIFY ADVISORY:
http://secunia.com/advisories/18494/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
SOFTWARE:
Cisco CallManager 3.x
http://secunia.com/product/2805/
Cisco CallManager 4.x
http://secunia.com/product/5363/
DESCRIPTION:
Some vulnerabilities has been reported in Cisco CallManager, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
2) An error in the processing of connections to ports 2001, 2002, and
7727 can be exploited to fill up the Windows message queue by
establishing multiple connections. This further leads to the Cisco
CallManager restarting after a 30 second timeout.
The following versions are affected:
* Cisco CallManager 3.2 and earlier
* Cisco CallManager 3.3, versions earlier than 3.3(5)SR1a
* Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c
* Cisco CallManager 4.1, versions earlier than 4.1(3)SR2
SOLUTION:
Fixes are available (see patch matrix):
http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0332 | CVE-2006-0374 | ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible.
ACT P202S VOIP WIFI Phones running firmware version 1.01.21 is prone to these issues. Due to code reuse, other devices and versions may also be affected.
TITLE:
ACT WLAN Phone P202S Multiple Security Issues
SECUNIA ADVISORY ID:
SA18514
VERIFY ADVISORY:
http://secunia.com/advisories/18514/
CRITICAL:
Less critical
IMPACT:
Unknown, Security Bypass, Exposure of system information, DoS
WHERE:
>From local network
OPERATING SYSTEM:
ACT WLAN Phone P202S
http://secunia.com/product/6843/
DESCRIPTION:
Shawn Merdinger has reported some security issues in ACT WLAN Phone
P202S, which can be exploited by malicious people to potentially
disclose system information, potentially cause a DoS (Denial of
Service), and bypass certain security restrictions.
2) An error caused due to the phone allowing connections to the echo
service on port 7/tcp may be exploited to cause a DoS on other
network devices.
3) An error caused due to the phone allowing connections to the
rlogin service on port 513/tcp can be exploited to gain rlogin access
to the phone without authentication.
It has also been reported that the phone has a hardcoded NTP server.
The security issues have been reported in version 1.01.21.
SOLUTION:
Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0386 | No CVE | CNVD-2006-0267 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
ACT P202S VOIP WIFI is a wireless VOIP phone. MPM HP-180W VOIP WIFI phones have multiple security issues that can be exploited by remote attackers to gain access to sensitive information or administrator access. The ACT P202S VOIP WIFI phone allows remote debug connections and remote unauthorized management access. Successful exploitation of these vulnerabilities allows an attacker to obtain debug information or denial of service from the device. These include undocumented port UDP/17185 VxWorks WDB for remote debugging, undocumented port TCP/7 echo, undocumented port TCP/513 rlogin
VAR-200601-0333 | CVE-2006-0375 | VxWorks Run on Advantage Century Telecommunication P202S IP Phone Vulnerabilities that provide incorrect time information in some firmware |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks. ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible.
ACT P202S VOIP WIFI Phones running firmware version 1.01.21 is prone to these issues. Due to code reuse, other devices and versions may also be affected.
TITLE:
ACT WLAN Phone P202S Multiple Security Issues
SECUNIA ADVISORY ID:
SA18514
VERIFY ADVISORY:
http://secunia.com/advisories/18514/
CRITICAL:
Less critical
IMPACT:
Unknown, Security Bypass, Exposure of system information, DoS
WHERE:
>From local network
OPERATING SYSTEM:
ACT WLAN Phone P202S
http://secunia.com/product/6843/
DESCRIPTION:
Shawn Merdinger has reported some security issues in ACT WLAN Phone
P202S, which can be exploited by malicious people to potentially
disclose system information, potentially cause a DoS (Denial of
Service), and bypass certain security restrictions.
2) An error caused due to the phone allowing connections to the echo
service on port 7/tcp may be exploited to cause a DoS on other
network devices.
3) An error caused due to the phone allowing connections to the
rlogin service on port 513/tcp can be exploited to gain rlogin access
to the phone without authentication.
It has also been reported that the phone has a hardcoded NTP server.
The security issues have been reported in version 1.01.21.
SOLUTION:
Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0135 | CVE-2006-0255 | Check Point VPN-1 SecureClient Path Specification Local Privilege Upgrade Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed.
The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.
Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed
VAR-200707-0577 | CVE-2007-3387 | Freedesktop Poppler Input validation error vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. ** REJECTED ** Do not use this application number. ConsultIDs: CVE-2007-3387. Reason: This application number is a duplicate of CVE-2007-3387.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:164
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tetex
Date : August 14, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files.
In addition, tetex contains an embedded copy of the GD library which
suffers from a number of bugs which potentially lead to denial of
service and possibly other issues. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allows attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478)
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
fb959e3f6f872b50954fa8da4fe3c419 2007.0/i586/jadetex-3.12-116.4mdv2007.0.i586.rpm
02e7b28c729ec9f57d5268daedee85e7 2007.0/i586/tetex-3.0-18.4mdv2007.0.i586.rpm
8b89557fbac6f6b37f78f2a2aee16569 2007.0/i586/tetex-afm-3.0-18.4mdv2007.0.i586.rpm
f5169a380ec30b11a69b37c38e81555f 2007.0/i586/tetex-context-3.0-18.4mdv2007.0.i586.rpm
f4dbfde981fd4658044222bc159ecd41 2007.0/i586/tetex-devel-3.0-18.4mdv2007.0.i586.rpm
e0f85c8410194f78ba2aea95e4f9483b 2007.0/i586/tetex-doc-3.0-18.4mdv2007.0.i586.rpm
9753cb8ba53e41a19bdd46bd21d149e0 2007.0/i586/tetex-dvilj-3.0-18.4mdv2007.0.i586.rpm
bf28b703c43dea8ddedd6b3dd31d6d4d 2007.0/i586/tetex-dvipdfm-3.0-18.4mdv2007.0.i586.rpm
456feadedb60e9b8f0fa653a4b8c242c 2007.0/i586/tetex-dvips-3.0-18.4mdv2007.0.i586.rpm
596d3a551105ed4ae7504069d97ea15b 2007.0/i586/tetex-latex-3.0-18.4mdv2007.0.i586.rpm
0fa6f2279adff2c0e49e021342684962 2007.0/i586/tetex-mfwin-3.0-18.4mdv2007.0.i586.rpm
4dfbc03ccff172c0031f3b66f49f2e67 2007.0/i586/tetex-texi2html-3.0-18.4mdv2007.0.i586.rpm
3fe94235dcf1d60559c5e22dcb661135 2007.0/i586/tetex-xdvi-3.0-18.4mdv2007.0.i586.rpm
50face08da8982afdcaa653c46d23893 2007.0/i586/xmltex-1.9-64.4mdv2007.0.i586.rpm
63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
3ba044a5b0cbd36b27fa8ebd60d51e8d 2007.0/x86_64/jadetex-3.12-116.4mdv2007.0.x86_64.rpm
94b050b17693804a81e68107b37aade8 2007.0/x86_64/tetex-3.0-18.4mdv2007.0.x86_64.rpm
dca2d262c4345720681e776de7aaf3b5 2007.0/x86_64/tetex-afm-3.0-18.4mdv2007.0.x86_64.rpm
6387c4e3923b174732ea42e1c1961f31 2007.0/x86_64/tetex-context-3.0-18.4mdv2007.0.x86_64.rpm
9e31f83c40c6bf2bd0528fd8debc7da0 2007.0/x86_64/tetex-devel-3.0-18.4mdv2007.0.x86_64.rpm
b61e81383f6becccb285e0e9e3c04fc8 2007.0/x86_64/tetex-doc-3.0-18.4mdv2007.0.x86_64.rpm
ff32dc4e3ee6c9ce2e7160e0e2e8d000 2007.0/x86_64/tetex-dvilj-3.0-18.4mdv2007.0.x86_64.rpm
d4bf450a8fc9da8d97cb03a5fd895e5d 2007.0/x86_64/tetex-dvipdfm-3.0-18.4mdv2007.0.x86_64.rpm
9bb0bb329efda5960b7c43cab4bb60a8 2007.0/x86_64/tetex-dvips-3.0-18.4mdv2007.0.x86_64.rpm
a6e2b2af59a022db1ccc897d78fd3df1 2007.0/x86_64/tetex-latex-3.0-18.4mdv2007.0.x86_64.rpm
6fdee1957e97c37034bafd9546071553 2007.0/x86_64/tetex-mfwin-3.0-18.4mdv2007.0.x86_64.rpm
a10d83249b768f676eabcbdc8d1def85 2007.0/x86_64/tetex-texi2html-3.0-18.4mdv2007.0.x86_64.rpm
71907f30dc7beb72245329e3df4f3d13 2007.0/x86_64/tetex-xdvi-3.0-18.4mdv2007.0.x86_64.rpm
824f5631d126e96851540ce059f378a6 2007.0/x86_64/xmltex-1.9-64.4mdv2007.0.x86_64.rpm
63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm
Mandriva Linux 2007.1:
81f9fad03bffde4848b2684b0beaf1be 2007.1/i586/jadetex-3.12-129.3mdv2007.1.i586.rpm
240f0698cc266be75607780ca95f7df9 2007.1/i586/tetex-3.0-31.3mdv2007.1.i586.rpm
adaa2d6fa7128e0c1ef125c5b2a27bd1 2007.1/i586/tetex-afm-3.0-31.3mdv2007.1.i586.rpm
143aa48143998f5ffd5877fb348c06c3 2007.1/i586/tetex-context-3.0-31.3mdv2007.1.i586.rpm
3a3b1e82a1fb3e2260eeac49bd038d44 2007.1/i586/tetex-devel-3.0-31.3mdv2007.1.i586.rpm
98781fd21fae15a9d190387bb7c894fa 2007.1/i586/tetex-doc-3.0-31.3mdv2007.1.i586.rpm
162cc4138d291f34e17589dcbaf47e02 2007.1/i586/tetex-dvilj-3.0-31.3mdv2007.1.i586.rpm
c290665965a32365750302b66998cf9c 2007.1/i586/tetex-dvipdfm-3.0-31.3mdv2007.1.i586.rpm
521a43054786848837cadf65d7373adb 2007.1/i586/tetex-dvips-3.0-31.3mdv2007.1.i586.rpm
db59616b644d2d040bf20bba50b98a52 2007.1/i586/tetex-latex-3.0-31.3mdv2007.1.i586.rpm
42b078d4e8b5ecfa43cecd105cfd9973 2007.1/i586/tetex-mfwin-3.0-31.3mdv2007.1.i586.rpm
d80a680507279c769af4eac68342779e 2007.1/i586/tetex-texi2html-3.0-31.3mdv2007.1.i586.rpm
6ad4a6a5df7c31302c0d8f0294b441fe 2007.1/i586/tetex-usrlocal-3.0-31.3mdv2007.1.i586.rpm
a636c345e691cfcad8bb057aa724ca32 2007.1/i586/tetex-xdvi-3.0-31.3mdv2007.1.i586.rpm
81cb470114d43d4ba480c7ef38ad8f9b 2007.1/i586/xmltex-1.9-77.3mdv2007.1.i586.rpm
1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
931bdcfab39b511372c0fe1667cdec9b 2007.1/x86_64/jadetex-3.12-129.3mdv2007.1.x86_64.rpm
be2917b026909b9fe2d6f54425f0ae01 2007.1/x86_64/tetex-3.0-31.3mdv2007.1.x86_64.rpm
3927b9a088b3dbbb035ab504724224fa 2007.1/x86_64/tetex-afm-3.0-31.3mdv2007.1.x86_64.rpm
5e0dc9457f6e864bfd097e52540ca691 2007.1/x86_64/tetex-context-3.0-31.3mdv2007.1.x86_64.rpm
c360e8b3bb98ee7f7467028038e97e1a 2007.1/x86_64/tetex-devel-3.0-31.3mdv2007.1.x86_64.rpm
d48d985a35aa93c17c45349c28c0b243 2007.1/x86_64/tetex-doc-3.0-31.3mdv2007.1.x86_64.rpm
eb67ec1e91e422ecfa36f1cbbac8971a 2007.1/x86_64/tetex-dvilj-3.0-31.3mdv2007.1.x86_64.rpm
851858c723458b732e522a3c0e61369c 2007.1/x86_64/tetex-dvipdfm-3.0-31.3mdv2007.1.x86_64.rpm
a0eda317da29934a5633f42b177a530f 2007.1/x86_64/tetex-dvips-3.0-31.3mdv2007.1.x86_64.rpm
753c701f03329627fb9e39753981e843 2007.1/x86_64/tetex-latex-3.0-31.3mdv2007.1.x86_64.rpm
d994a4854aba90786bbd9a4ec3c12019 2007.1/x86_64/tetex-mfwin-3.0-31.3mdv2007.1.x86_64.rpm
e655586388e11bf71063402efc3a7753 2007.1/x86_64/tetex-texi2html-3.0-31.3mdv2007.1.x86_64.rpm
9d5f65b626bd71949a07e6c7431817e0 2007.1/x86_64/tetex-usrlocal-3.0-31.3mdv2007.1.x86_64.rpm
55315fd53192e1d99eee611c658d803e 2007.1/x86_64/tetex-xdvi-3.0-31.3mdv2007.1.x86_64.rpm
64af62bd89fcac2a4ffad45a8eae77d6 2007.1/x86_64/xmltex-1.9-77.3mdv2007.1.x86_64.rpm
1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm
Corporate 4.0:
ded203c11a86b123fb65dccf7ebefe7b corporate/4.0/i586/jadetex-3.12-110.6.20060mlcs4.i586.rpm
02ca90145d6b09cdd92bc9906a9dfa41 corporate/4.0/i586/tetex-3.0-12.6.20060mlcs4.i586.rpm
9af4a0c59bf34cb69ec03feeecc10b51 corporate/4.0/i586/tetex-afm-3.0-12.6.20060mlcs4.i586.rpm
c4a7cdb06beb70e2652fee997cd5acd1 corporate/4.0/i586/tetex-context-3.0-12.6.20060mlcs4.i586.rpm
4d4e89d588e0ec5a1a30659b194e53a7 corporate/4.0/i586/tetex-devel-3.0-12.6.20060mlcs4.i586.rpm
7ae26e309360bdfdb9c5c503b0d4edf9 corporate/4.0/i586/tetex-doc-3.0-12.6.20060mlcs4.i586.rpm
302004f96913e500079054ecb03adda9 corporate/4.0/i586/tetex-dvilj-3.0-12.6.20060mlcs4.i586.rpm
00cd5bce374228d46b18d5b2210639f9 corporate/4.0/i586/tetex-dvipdfm-3.0-12.6.20060mlcs4.i586.rpm
f216bf18966462b172832a6f8a27fd78 corporate/4.0/i586/tetex-dvips-3.0-12.6.20060mlcs4.i586.rpm
f1b3b6fcb547e477570f1311fa7367a0 corporate/4.0/i586/tetex-latex-3.0-12.6.20060mlcs4.i586.rpm
86eb52c3286302e3343928a7bdeb9548 corporate/4.0/i586/tetex-mfwin-3.0-12.6.20060mlcs4.i586.rpm
a769eab0038bac03e47a72b634f79e19 corporate/4.0/i586/tetex-texi2html-3.0-12.6.20060mlcs4.i586.rpm
fd8530a3177047b3dd9ad9f5c1116020 corporate/4.0/i586/tetex-xdvi-3.0-12.6.20060mlcs4.i586.rpm
7d647f0f6d3db2a9a0f3b6be1fcb672c corporate/4.0/i586/xmltex-1.9-58.6.20060mlcs4.i586.rpm
8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
03656d00a3a0ab1847acb665ef68d947 corporate/4.0/x86_64/jadetex-3.12-110.6.20060mlcs4.x86_64.rpm
df2818955a171b5e682b2e481ea456f0 corporate/4.0/x86_64/tetex-3.0-12.6.20060mlcs4.x86_64.rpm
b33cd2edda19f78a7fc67d5fff165b0a corporate/4.0/x86_64/tetex-afm-3.0-12.6.20060mlcs4.x86_64.rpm
7d5818ed21c76ed6ea5db364fb4e9693 corporate/4.0/x86_64/tetex-context-3.0-12.6.20060mlcs4.x86_64.rpm
58f46f75a1d4df827911727ebacbc352 corporate/4.0/x86_64/tetex-devel-3.0-12.6.20060mlcs4.x86_64.rpm
edc968cfaa147eb6c0a44d367945cdee corporate/4.0/x86_64/tetex-doc-3.0-12.6.20060mlcs4.x86_64.rpm
cbb35ba57e6b7e4ff5e1f7746a556dba corporate/4.0/x86_64/tetex-dvilj-3.0-12.6.20060mlcs4.x86_64.rpm
64037dfd41b52942db831d5d1db263ae corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.6.20060mlcs4.x86_64.rpm
521ac94898d0dd328a72b41a897cac77 corporate/4.0/x86_64/tetex-dvips-3.0-12.6.20060mlcs4.x86_64.rpm
7b08d2c8978a0d020d8bd29478e9300c corporate/4.0/x86_64/tetex-latex-3.0-12.6.20060mlcs4.x86_64.rpm
2c8045b7090444ae36576040d4106399 corporate/4.0/x86_64/tetex-mfwin-3.0-12.6.20060mlcs4.x86_64.rpm
3124bf387e243377003b3bf21d34b6b9 corporate/4.0/x86_64/tetex-texi2html-3.0-12.6.20060mlcs4.x86_64.rpm
88ea09f36b9281e64061a2ca25d10719 corporate/4.0/x86_64/tetex-xdvi-3.0-12.6.20060mlcs4.x86_64.rpm
e34498cb80e93ccd2b592ff8a722b985 corporate/4.0/x86_64/xmltex-1.9-58.6.20060mlcs4.x86_64.rpm
8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGwgCrmqjQ0CJFipgRAvxaAKD0oN2+nbJYsb/02Pfv7e91rH+OwQCgoNcD
E25vkVsg47bEpt/Rv8lWmms=
=oC5G
-----END PGP SIGNATURE-----
.
For the oldstable distribution (sarge) this problem has been fixed in
version 2.8.2-1.2sarge6.
The stable distribution (etch) no longer contains gpdf.
The unstable distribution (sid) no longer contains gpdf.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.dsc
Size/MD5 checksum: 1663 508dfe3e8af751e8ce4f9b0e5ab59889
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.diff.gz
Size/MD5 checksum: 38814 708461f883679a3faacb5c3ea576b70c
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
Size/MD5 checksum: 1245535 5ceb66aa95e51c4e1d6e10cb29560ff9
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_alpha.deb
Size/MD5 checksum: 871844 17eff64fe6e84fd163d5572410840e47
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_amd64.deb
Size/MD5 checksum: 795866 cee6613e8cc8fe7feffbea3090b3b2b4
ARM architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_arm.deb
Size/MD5 checksum: 781972 efb47c5c872b054b5155fbbe8fe14657
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_hppa.deb
Size/MD5 checksum: 859960 52fc5ab1c1c7b0a337093196d08076af
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_i386.deb
Size/MD5 checksum: 782330 2bf9259f3e7dad3ff6cb4b7d01a11a80
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_ia64.deb
Size/MD5 checksum: 958676 1c86665357e64afe5a7d61a75ff34cfc
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_m68k.deb
Size/MD5 checksum: 746228 e192344892e794ceb6ba095edf51c04b
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mips.deb
Size/MD5 checksum: 818722 5f67cb402dbf493ccf3ad1ad3dd135d3
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mipsel.deb
Size/MD5 checksum: 811276 ae28c520096cd3ef94988f5ce0177693
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_powerpc.deb
Size/MD5 checksum: 799928 feac7c0451a8e391a05ec67e45263376
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_s390.deb
Size/MD5 checksum: 776318 e8109413c0351d45e76099cb6061e33f
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_sparc.deb
Size/MD5 checksum: 764034 b473d9e4d5e4693eda7cbe3e93a6f7f0
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGwJD5Xm3vHE4uyloRApoKAKC9gm4oXxEEfkGTPLTI7FXHuxGOhACeI8Pg
hLmLXvQERW8SkFne3NDcKjQ=
=foQ3
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PDFKit, ImageKits: Buffer overflow
Date: October 18, 2007
Bugs: #188185
ID: 200710-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
PDFKit and ImageKits are vulnerable to an integer overflow and a stack
overflow allowing for the user-assisted execution of arbitrary code.
Background
==========
PDFKit is a framework for rendering of PDF content in GNUstep
applications. ImageKits is a collection of frameworks to support
imaging in GNUstep applications.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 gnustep-libs/pdfkit <= 0.9_pre062906 Vulnerable!
2 gnustep-libs/imagekits <= 0.6 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
2 affected packages on all of their supported architectures. ImageKits also contains a copy of PDFKit.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
PDFKit and ImageKits are not maintained upstream, so the packages were
masked in Portage. We recommend that users unmerge PDFKit and
ImageKits:
# emerge --unmerge gnustep-libs/pdfkit
# emerge --unmerge gnustep-libs/imagekits
As an alternative, users should upgrade their systems to use PopplerKit
instead of PDFKit and Vindaloo instead of ViewPDF.
References
==========
[ 1 ] CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
[ 2 ] GLSA 200709-12
http://www.gentoo.org/security/en/glsa/glsa-200709-12.xml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200710-20.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Background
==========
teTeX is a complete TeX distribution for editing documents. Other vulnerabilities have also been discovered in the
same file but might not be exploitable (CVE-2007-0650). Tetex also
includes vulnerable code from GD library (GLSA 200708-05), and from
Xpdf (CVE-2007-3387).
TITLE:
GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA18375
VERIFY ADVISORY:
http://secunia.com/advisories/18375/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
GNOME 2.x
http://secunia.com/product/3277/
DESCRIPTION:
Some vulnerabilities have been reported in GNOME gpdf, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a user's system.
The vulnerabilities are caused due to the use of a vulnerable version
of Xpdf.
For more information:
SA18303
SOLUTION:
Restrict use to trusted PDF files only.
OTHER REFERENCES:
SA18303:
http://secunia.com/advisories/18303/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0295 | CVE-2006-0354 | Cisco Aironet WAP of ARP Service disruption due to request processing (DoS) Vulnerabilities |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. Cisco IOS Wireless access point that operates Cisco Aironet Wireless Access Points (WAP) Is illegal ARP When processing a request, there is a vulnerability where the physical memory on the device is exhausted and traffic cannot be processed.Device is out of service (DoS) It may be in a state. This issue is due to memory exhaustion caused by improper handling of an excessive number of ARP requests.
This issue allows attackers who can successfully associate with a vulnerable access point to exhaust the memory of the affected device. As a result, the device fails to pass legitimate traffic until it has been rebooted. There is a loophole in Cisco Aironet's processing of ARP requests, and a remote attacker may use the loophole to carry out a denial of service attack on the device. This will cause the device to be unable to transmit traffic until it is powered off and reloaded, affecting the availability of the wireless access point, and may not be able to use management and packet forwarding services. This can be exploited by sending spoofed ARP
messages to the management interface of the AP to continuously add
entries to the ARP table of the device until the device runs out of
memory.
Successful exploitation causes the AP to be unable to pass traffic
until the device is restarted, but requires the ability to send ARP
messages to the management interface of the AP.
SOLUTION:
Update to IOS version 12.3-7-JA2.
http://tools.cisco.com/support/downloads/pub/MDFTree.x?butype=wireless
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0175 | CVE-2006-0181 | Cisco Security Monitoring, Analysis and Response System Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. This password is static across all installations of the software.
It is possible for those running software release 4.1.3 and later to change a portion of the default administrative password, effectively addressing the vulnerability. However, earlier versions do not provide this option. In addition, CS-MARS can also perform automated tasks to alleviate safety issues. Successful exploitation of this vulnerability will allow the attacker to obtain full management rights of the CS-MARS device. The password for the account
reportedly cannot be changed.
Successful exploitation requires logon to the administration command
line interface with e.g. the "pnadmin" account.
The vulnerability has been reported in versions prior to 4.1.3.
SOLUTION:
Update to version 4.1.3 or later and use the "passwd expert" command
to change the root password.
http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars?psrtdcat20e2
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0173 | CVE-2006-0179 |
Sun Solaris uustat -S Command line parameter overflow vulnerability
Related entries in the VARIoT exploits database: VAR-E-200601-0305 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. Cisco IP Phone 7940 is prone to a remote denial of service vulnerability.
Successful exploitation causes the phone to restart.
Cisco is tracking this issue as Cisco bug ID CSCef33398. Solaris is a commercial UNIX operating system developed and maintained by Sun. There is a buffer overflow vulnerability in the /usr/bin/uustat binary program of Solaris. An attacker who successfully exploits this vulnerability can completely control the return address of the execution function and execute arbitrary code with uucp user privileges. If the string length after the \"-S\" command line parameter is greater than or equal to 1152 bytes, it may cause the binary program to crash. The following example shows that the buffer is overflowed and the o1 register is completely overwritten by the letter A: bash-2.03\\% ls -l /usr/bin/uustat ---s--x--x 1 uucp uucp 62012 Jan 17 16:07 uustat bash-2.03$ /usr/bin/uustat -S `perl -e \'\'print \"A\"x3000\'\'` Segmentation Fault bash-2.03$ (gdb) info registers g0 0x0 0 g1 0xff315e98 - 13541736 g2 0x1cc00 117760 g3 0x440 1088 g4 0x0 0 g5 0x0 0 g6 0x0 0 g7 0x0 0 o0 0xff3276a8 -13470040 o1 0x41414141 1094795585 ...
The vulnerability is caused due to an error in the IP Stack.
SOLUTION:
Update to firmware revision 7.1(1) or later, which have the
capability to perform load control using TCP throttling. This
prevents a device from reloading.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Knud Erik H\xf8jgaard.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0258 | CVE-2006-0163 | PHPNuke EV Search Module SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
PHPNuke EV version 7.7 is vulnerable; earlier versions may also be affected.
For more information:
SA17543
The vulnerability has been confirmed in version 7.7-R1.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Originally reported in PHP-Nuke by sp3x.
Reported in PHPNuke EV by Lostmon.
ORIGINAL ADVISORY:
http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html
OTHER REFERENCES:
SA17543:
http://secunia.com/advisories/17543/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200601-0231 | CVE-2006-0081 | Intel Graphics Accelerator Drives Remote Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title.
This issue allows attackers to crash the display manager on Microsoft Windows XP, or cause a complete system crash on computers running Microsoft Windows 2000. Other operating systems where the affected display driver is available are also likely affected.
Version 6.14.10.4308 of the Intel Graphics Accelerator driver is considered vulnerable to this issue. Other versions may also be affected.
This issue will be updated as further information becomes available. This issue may be related to the one described in BID 10913 (Microsoft Windows Large Image Processing Remote Denial Of Service Vulnerability), but this has not been confirmed. Attempting to parse very long text in Mozilla Firefox triggers a buffer overflow that crashes the Windows Display Manager. This can
potentially be exploited to cause a DoS e.g. by tricking a user to
open a window to an overly long URL with the browser.
Successful exploitation may cause the system to restart or cause the
system to revert to a low resolution display mode.
The vulnerability has been confirmed in version 6.14.10.4308.
SOLUTION:
Do not visit non-trusted websites or open non-trusted files.
PROVIDED AND/OR DISCOVERED BY:
$um$id
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200512-0832 | CVE-2005-3526 | Ipswitch Collaboration Suite Code Execution Vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow.
The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command.
This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.
TITLE:
Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability
SECUNIA ADVISORY ID:
SA19168
VERIFY ADVISORY:
http://secunia.com/advisories/19168/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
IMail Secure Server 2006
http://secunia.com/product/8651/
IMail Server 2006
http://secunia.com/product/8653/
Ipswitch Collaboration Suite 2006
http://secunia.com/product/8652/
DESCRIPTION:
A vulnerability has been reported in Ipswitch IMail
Server/Collaboration Suite, which can be exploited by malicious users
to cause a DoS (Denial of Service). This can be exploited to cause a
buffer overflow, which crashes the server.
Ipswitch Collaboration Suite 2006 Premium Edition:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe
Ipswitch Collaboration Suite 2006 Standard Edition:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe
IMail Secure Server 2006:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe
IMail Server 2006:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe
PROVIDED AND/OR DISCOVERED BY:
The vendor credits 3Com's Zero Day Initiative.
ORIGINAL ADVISORY:
http://www.ipswitch.com/support/ics/updates/ics200603prem.asp
http://www.ipswitch.com/support/ics/updates/ics200603stan.asp
http://www.ipswitch.com/support/imail/releases/imsec200603.asp
http://www.ipswitch.com/support/imail/releases/im200603.asp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-003.html
March 13, 2006
-- CVE ID:
CVE-2005-3526
-- Affected Vendor:
Ipswitch
-- Affected Products:
Ipswitch Collaboration Suite 2006.02 and below
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since December 13, 2005 by Digital Vaccine protection
filter ID 3982.
-- Vendor Response:
>>From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:
"IMAP: Corrected a vulnerability issue where a properly crafted Fetch
command causes IMAP to crash with a buffer overflow (disclosed by
TippingPoint, a division of 3Com)."
-- Disclosure Timeline:
2005.12.13 - Vulnerability reported to vendor
2005.12.13 - Digital Vaccine released to TippingPoint customers
2006.03.13 - Public release of advisory
-- Credit:
This vulnerability was discovered by Manuel Santamarina Suarez aka
'FistFuXXer'.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/