VARIoT IoT vulnerabilities database

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. A successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. Products containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology's processing of HTTP request headers. iGateway service monitors standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, memcpy the provided URI to the allocated buffer and overwrite it to the heap. TITLE: CA Products iGateway Service Content-Length Buffer Overflow SECUNIA ADVISORY ID: SA18591 VERIFY ADVISORY: http://secunia.com/advisories/18591/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 11.x (for Windows) http://secunia.com/product/3099/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Process Automation Manager 11.x http://secunia.com/product/5908/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ BrightStor Storage Resource Manager 6.x http://secunia.com/product/5910/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA BrightStor Portal 11.x http://secunia.com/product/5577/ CA BrightStor SAN Manager 11.x http://secunia.com/product/5576/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 1.x http://secunia.com/product/5911/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA eTrust Identity Minder 8.x http://secunia.com/product/5913/ CA Unicenter Service Fulfillment 2.x http://secunia.com/product/5942/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/ DESCRIPTION: Erika Mendoza has reported a vulnerability in various CA products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the handling of HTTP data in the iGateway component. SOLUTION: Update the iGateway component to version 4.0.051230 or later. ftp://ftp.ca.com/pub/iTech/downloads/ PROVIDED AND/OR DISCOVERED BY: Erika Mendoza ORIGINAL ADVISORY: Computer Associates: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778 iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Please see below for important changes to CAID 33778 (aka CVE-2005-3653; OSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). Changelog is near end of advisory. Regards, Ken Williams Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] CA Vulnerability ID: 33778 CA Advisory Date: 2006-01-23 Updated Advisory [v1.1]: 2006-01-26 Discovered By: Erika Mendoza reported this issue to iDefense. Mitigating Factors: None. Severity: CA has given this vulnerability a Medium risk rating. Affected Technologies: Please note that the iGateway component is not a product, but rather a common component that is included with multiple products. The iGateway component is included in the following CA products, which are consequently potentially vulnerable. Affected Products: BrightStor ARCserve Backup r11.5 BrightStor ARCserve Backup r11.1 BrightStor ARCserve Backup for Windows r11 BrightStor Enterprise Backup 10.5 BrightStor ARCserve Backup v9.01 BrightStor ARCserve Backup Laptop & Desktop r11.1 BrightStor ARCserve Backup Laptop & Desktop r11 BrightStor Process Automation Manager r11.1 BrightStor SAN Manager r11.1 BrightStor SAN Manager r11.5 BrightStor Storage Resource Manager r11.5 BrightStor Storage Resource Manager r11.1 BrightStor Storage Resource Manager 6.4 BrightStor Storage Resource Manager 6.3 BrightStor Portal 11.1 Note to BrightStor Storage Resource Manager and BrightStor Portal users: In addition to the application servers where these products are installed, all hosts that have iSponsors deployed to them for managing applications like Veritas Volume Manager and Tivoli TSM are also affected by this vulnerability. eTrust Products: eTrust Audit 1.5 SP2 (iRecorders and ARIES) eTrust Audit 1.5 SP3 (iRecorders and ARIES) eTrust Audit 8.0 (iRecorders and ARIES) eTrust Admin 8.1 eTrust Identity Minder 8.0 eTrust Secure Content Manager (SCM) R8 eTrust Integrated Threat Management (ITM) R8 eTrust Directory, R8.1 (Web Components Only) Unicenter Products: Unicenter CA Web Services Distributed Management R11 Unicenter AutoSys JM R11 Unicenter Management for WebLogic / Management for WebSphere R11 Unicenter Service Delivery R11 Unicenter Service Level Management (USLM) R11 Unicenter Application Performance Monitor R11 Unicenter Service Desk R11 Unicenter Service Desk Knowledge Tools R11 Unicenter Asset Portfolio Management R11 Unicenter Service Metric Analysis R11 Unicenter Service Catalog/Assure/Accounting R11 Unicenter MQ Management R11 Unicenter Application Server Management R11 Unicenter Web Server Management R11 Unicenter Exchange Management R11 Affected platforms: AIX, HP-UX, Linux Intel, Solaris, and Windows Status and Recommendation: Customers with vulnerable versions of the iGateway component should upgrade to the current version of iGateway (4.0.051230 or later), which is available for download from the following locations: http://supportconnect.ca.com/ ftp://ftp.ca.com/pub/iTech/downloads/ Determining the version of iGateway: To determine the version numbers of the iGateway components: Go to the igateway directory: On windows, this is %IGW_LOC% Default path for v3.*: C:\Program Files\CA\igateway Default path for v4.*: C:\Program Files\CA\SharedComponents\iTechnology On unix, Default path for v3.*: /opt/CA/igateway Default path for v4.*: the install directory path is contained in opt/CA/SharedComponents/iTechnology.location. The default path is /opt/CA/SharedComponents/iTechnology Look at the <Version> element in igateway.conf. The versions are affected by this vulnerability if you see a value LESS THAN the following: <Version>4.0.051230</Version> (note the format of v.s.YYMMDD) References: (note that URLs may wrap) CA SupportConnect: http://supportconnect.ca.com/ http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not ice.asp CAID: 33778 CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778 CVE Reference: CVE-2005-3653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653 OSVDB Reference: OSVDB-22688 http://osvdb.org/22688 iDefense Reference: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376 Changelog: v1.0 - Initial Release v1.1 - Removed several unaffected technologies; added more reference links. Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly. If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Dir. of CA Vulnerability Research Team CA, One Computer Associates Plaza. Islandia, NY 11749 Contact http://www3.ca.com/contact/ Legal Notice http://ca.com/calegal.htm Privacy Policy http://www.ca.com/caprivacy.htm Copyright 2006 CA. All rights reserved

D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.  D-Link's multiple wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices.  If the attacker sends three consecutive fragmented UDP packets as follows, the device will restart:  The IP header of all messages must have the same Identification Number.  Message 1:  The MORE_FRAGMENTS flag must be set to 1 (IP_MF)  Debris offset = 0  The effective part size of the message is 8 bytes. Null bytes were used in the attack code.  Message 2:  Set the MORE_FRAGMENTS flag to 1 (0x2002)  Debris offset = 16  The valid part is 8 bytes long.  Message 3:  Set the MORE_FRAGMENTS flag to 0 (0x0003)  Debris offset = 24  The valid part is 8 bytes long.  Upon receiving the above message, the affected router will immediately terminate all current connections. DI-524 takes about 1 minute to restart to restore the connection, and DI-624 takes about 30 seconds to restart. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets. D-Link DI-524, DI-624, and Di-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected. It is reported that US Robotics USR8054 devices are also affected. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. TITLE: D-Link Wireless Access Point Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18833 VERIFY ADVISORY: http://secunia.com/advisories/18833/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: D-Link DI-784 http://secunia.com/product/8029/ D-Link DI-624 http://secunia.com/product/3660/ D-Link DI-524 http://secunia.com/product/8028/ DESCRIPTION: Aaron Portnoy and Keefe Johnson has reported a vulnerability in D-Link Wireless Access Point, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of fragmented UDP packets. The vulnerability has been reported in the following products: * D-Link DI-524 Wireless Router (firmware version 3.20 August 18, 2005). * D-Link DI-624 Wireless Router. * D-Link DI-784. SOLUTION: The vulnerability has reportedly been fixed in the latest firmware. PROVIDED AND/OR DISCOVERED BY: Aaron Portnoy and Keefe Johnson ORIGINAL ADVISORY: http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. Cisco Clean Access (CCA) is prone to a denial-of-service vulnerability

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. The VLAN Trunking Protocol (VTP) is Cisco's proprietary protocol for centralized management of VLANs.  If a malformed VTP packet is received, some switch devices may be overloaded. However, an attacker must know the VTP domain name and send malformed VTP packets to the port configured for relay on the switch to exploit this vulnerability. Multiple Cisco switches are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Cisco IOS VTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA23892 VERIFY ADVISORY: http://secunia.com/advisories/23892/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: David Barroso Berrueta and Alfredo Andres Omella have reported a vulnerability in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). This can be exploited to cause a device to reload by sending a specially crafted VTP packet. Successful exploitation requires knowledge of the VTP domain name and the port that is configured for trunking. PROVIDED AND/OR DISCOVERED BY: Alfredo Andres Omella and David Barroso Berrueta, S21SEC ORIGINAL ADVISORY: Cisco Advisory: http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html 21SEC Advisory: http://www.s21sec.com/es/avisos/s21sec-034-en.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients.  A denial of service vulnerability exists in Apple AirPort. A malicious network attacker can send a specially crafted message, causing the network interface of the AirPort base station to stop responding. This occurs when the device handles malformed packets. Specific details regarding this issue are not currently known. This record will be updated when more information becomes available. AirPort Express firmware versions prior to 6.3 and AirPort Extreme firmware versions prior to 5.7 are vulnerable. The vulnerability is caused due to an unspecified error in the base station when handling certain network packets. SOLUTION: Apply updated firmware. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303072 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Credit to Michael Zanetta of NETwork Security Consortium for reporting this issue

The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan. A vulnerability exists in the SISCO OSI stack for Windows. If successfully exploited, an attacker could cause a denial-of-service condition. The Inter-control Center Communications Protocol (ICCP) is a protocol for communicating data in the control center of a SCADA network. A remote attacker can exploit the vulnerability to perform a denial of service attack on the service. The SISCO OSI stack on the Windows platform incorrectly handles malformed packets, and remote unauthenticated users can perform denial of service attacks on services. This issue allows remote, unauthenticated attackers to crash affected applications, denying further service to legitimate users. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: SISCO OSI Stack Denial of Service Vulnerability SECUNIA ADVISORY ID: SA22047 VERIFY ADVISORY: http://secunia.com/advisories/22047/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: SISCO MMS-EASE 7.x http://secunia.com/product/12072/ SISCO ICCP Toolkit for MMS-EASE 4.x http://secunia.com/product/12073/ SISCO AX-S4 MMS 5.x http://secunia.com/product/12071/ SISCO AX-S4 ICCP 3.x http://secunia.com/product/12070/ DESCRIPTION: A vulnerability has been reported in various SISCO products, which can be exploited by malicious people to cause a DoS (Denial of Service). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SISCO: http://www.sisconet.com/downloads/NESSUS_Vulnerability_Announcement.pdf OTHER REFERENCES: US-CERT VU#468798: http://www.kb.cert.org/vuls/id/468798 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999. Display Adapter Driver is prone to a denial-of-service vulnerability

Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. There is an unknown vulnerability in the Mac OS X kernel before 10.3.8

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. Apple Mac OS X Server is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple's QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file. A successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application. This issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed. This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). Quicktime will copy to the stack byte by byte when processing the data field of the qtif format file, but it does not perform the correct check, so it will cause a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn't crash before overflowing 0x44 to 0x08, and the code will execute. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A successful attack can result in a remote compromise. NOTE: This issue was previously discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities), but has been assigned its own record to better document the vulnerability. Apple QuickTime is prone to multiple remote code-execution vulnerabilities. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. Versions prior to QuickTime 7.0.4 are vulnerable. TITLE: QuickTime Multiple Image/Media File Handling Vulnerabilities SECUNIA ADVISORY ID: SA18370 VERIFY ADVISORY: http://secunia.com/advisories/18370/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. 1) A boundary error in the handling of QTIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious QTIF image is viewed. 2) Some boundary and integer overflow/underflow errors in the handling of TGA images can be exploited to cause a buffer overflow. 3) An integer overflow error exists in the handling of TIFF images. This can potentially be exploited to execute arbitrary code when a malicious TIFF image is viewed. 4) A boundary error in the handling of GIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious media file is viewed. The vulnerabilities affect both the Mac OS X and the Windows platforms. SOLUTION: Update to version 7.0.4. Mac OS X (version 10.3.9 or later): http://www.apple.com/support/downloads/quicktime704.html Windows 2000/XP: http://www.apple.com/quicktime/download/win.html PROVIDED AND/OR DISCOVERED BY: 1) Varun Uppal, Kanbay. 2-3) Dejun Meng, Fortinet. 4-5) Karl Lynn, eEye Digital Security. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303101 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This is due to application failure to sanitize the parameter StripByteCounts while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it'll cause memory access violation, and leading to potential Arbitrary Command Execution. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TIFF file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03 Apple QuickTime Player ImageWidth Denial of Service Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : Medium Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. This is due to application failure to sanitize the parameter ImageWidth value while parsing TIFF image files. Impact : Denial of Service Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple's QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TGA image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-04 Apple QuickTime Player Improper Memory Access Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Improper Memory Access Vulnerability in the Apple QuickTime Player. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple QuickTime is prone to multiple remote code-execution vulnerabilities. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. Versions prior to QuickTime 7.0.4 are vulnerable. A successful attack can result in a remote compromise. NOTE: This issue was previously discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities), but has been assigned its own record to better document the vulnerability. TITLE: QuickTime Multiple Image/Media File Handling Vulnerabilities SECUNIA ADVISORY ID: SA18370 VERIFY ADVISORY: http://secunia.com/advisories/18370/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. 1) A boundary error in the handling of QTIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious QTIF image is viewed. 2) Some boundary and integer overflow/underflow errors in the handling of TGA images can be exploited to cause a buffer overflow. 3) An integer overflow error exists in the handling of TIFF images. This can potentially be exploited to execute arbitrary code when a malicious TIFF image is viewed. 4) A boundary error in the handling of GIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious media file is viewed. The vulnerabilities affect both the Mac OS X and the Windows platforms. SOLUTION: Update to version 7.0.4. Mac OS X (version 10.3.9 or later): http://www.apple.com/support/downloads/quicktime704.html Windows 2000/XP: http://www.apple.com/quicktime/download/win.html PROVIDED AND/OR DISCOVERED BY: 1) Varun Uppal, Kanbay. 2-3) Dejun Meng, Fortinet. 4-5) Karl Lynn, eEye Digital Security. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303101 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This is due to application failure to sanitize the parameter ImageWidth value while parsing TGA image files. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple QuickTime is prone to multiple remote code-execution vulnerabilities. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. Versions prior to QuickTime 7.0.4 are vulnerable. A successful attack can result in a remote compromise. NOTE: This issue was previously discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities), but has been assigned its own record to better document the vulnerability. Fortinet Security Advisory: FSA-2006-06 Apple QuickTime Player Color Map Entry Size Buffer Overflow Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3709 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Buffer Overflow Vulnerability in the Apple QuickTime Player. This is due to application failure to sanitize the parameter Color Map Entry Size while parsing TGA image files. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . TITLE: QuickTime Multiple Image/Media File Handling Vulnerabilities SECUNIA ADVISORY ID: SA18370 VERIFY ADVISORY: http://secunia.com/advisories/18370/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. 1) A boundary error in the handling of QTIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious QTIF image is viewed. 2) Some boundary and integer overflow/underflow errors in the handling of TGA images can be exploited to cause a buffer overflow. 3) An integer overflow error exists in the handling of TIFF images. This can potentially be exploited to execute arbitrary code when a malicious TIFF image is viewed. 4) A boundary error in the handling of GIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious media file is viewed. The vulnerabilities affect both the Mac OS X and the Windows platforms. SOLUTION: Update to version 7.0.4. Mac OS X (version 10.3.9 or later): http://www.apple.com/support/downloads/quicktime704.html Windows 2000/XP: http://www.apple.com/quicktime/download/win.html PROVIDED AND/OR DISCOVERED BY: 1) Varun Uppal, Kanbay. 2-3) Dejun Meng, Fortinet. 4-5) Karl Lynn, eEye Digital Security. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303101 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. Fortinet FortiGate is prone to a vulnerability that could allow users to bypass the device's URL filtering. FortiGate devices running FortiOS v2.8MR10 and v3beta are vulnerable to this issue. Other versions may also be affected. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. TITLE: FortiGate URL Filter and Virus Scanning Bypass Vulnerabilities SECUNIA ADVISORY ID: SA18844 VERIFY ADVISORY: http://secunia.com/advisories/18844/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Fortinet FortiOS (FortiGate) 2.x http://secunia.com/product/2289/ Fortinet FortiOS (FortiGate) 3.x http://secunia.com/product/6802/ DESCRIPTION: Mathieu Dessus has reported two vulnerabilities in FortiGate, which can be exploited by malicious people and users to bypass certain security restrictions. 1) The URL blocking functionality can be bypassed by specially-crafted HTTP requests that are terminated by the CR character instead of the CRLF characters. It is also possible to bypass the functionality via a HTTP/1.0 request with no host header. The vulnerability has been reported in FortiOS v2.8MR10 and v3beta. 2) The virus scanning functionality can be bypassed when sending files over FTP under certain conditions. The vulnerability has been reported in FortiOS v2.8MR10 and v3beta. SOLUTION: Do not rely on URL blocking as the only means of blocking users' access. Desktop-based on-access virus scanners should be used together with server-based virus scanners. PROVIDED AND/OR DISCOVERED BY: Mathieu Dessus ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. Fortinet FortiGate is reportedly prone to a vulnerability that allows an attacker to bypass antivirus protection. This issue is said to occur when files are transferred using the FTP protocol under certain conditions. FortiGate devices running FortiOS v2.8MR10 and v3beta are affected by this issue. Other versions may also be vulnerable. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. The FTP component of Fortinet FortiGate cannot properly filter and check files. TITLE: FortiGate URL Filter and Virus Scanning Bypass Vulnerabilities SECUNIA ADVISORY ID: SA18844 VERIFY ADVISORY: http://secunia.com/advisories/18844/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Fortinet FortiOS (FortiGate) 2.x http://secunia.com/product/2289/ Fortinet FortiOS (FortiGate) 3.x http://secunia.com/product/6802/ DESCRIPTION: Mathieu Dessus has reported two vulnerabilities in FortiGate, which can be exploited by malicious people and users to bypass certain security restrictions. 1) The URL blocking functionality can be bypassed by specially-crafted HTTP requests that are terminated by the CR character instead of the CRLF characters. It is also possible to bypass the functionality via a HTTP/1.0 request with no host header. The vulnerability has been reported in FortiOS v2.8MR10 and v3beta. The vulnerability has been reported in FortiOS v2.8MR10 and v3beta. SOLUTION: Do not rely on URL blocking as the only means of blocking users' access. Desktop-based on-access virus scanners should be used together with server-based virus scanners. PROVIDED AND/OR DISCOVERED BY: Mathieu Dessus ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted GIF image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls. The heap can be overwritten in the Picture Modifier block. The block size calculate code such as: .text:66A339CC mov ax, [esi+0Ch] .text:66A339D0 xor ecx, ecx .text:66A339D2 mov [esp+34h+var_28], ecx .text:66A339D6 mov [esp+34h+var_24], ecx .text:66A339DA mov [esp+34h+var_20], ecx .text:66A339DE mov [esp+34h+var_1C], ecx .text:66A339E2 mov word ptr [esp+34h+var_10], cx .text:66A339E7 mov [esp+34h+arg_4], eax .text:66A339EB movsx eax, ax .text:66A339EE mov word ptr [esp+34h+var_10+2], cx .text:66A339F3 mov cx, [esi+8] .text:66A339F7 movsx edx, cx .text:66A339FA sub eax, edx .text:66A339FC movsx edx, word ptr [esi+6] .text:66A33A00 add eax, 3Eh .text:66A33A03 push edi .text:66A33A04 movsx edi, word ptr [esi+0Ah] .text:66A33A08 sar eax, 3 .text:66A33A0B lea ebx, [esi+6] .text:66A33A0E and eax, 0FFFFFFFCh .text:66A33A11 sub edi, edx .text:66A33A13 movsx edx, ax .text:66A33A16 mov [esi+4], ax .text:66A33A1A imul edi, edx The allocate code is : .text:66A33A68 push edi .text:66A33A69 call sub_668B5B30 But when it real process data to this memory, it use real decode data to write this memory but didn\xa1\xaft check this heap size. This is segment of the write code function(sub_66AE0A70): .text:66AE0B18 movsx edx, word ptr [edi+12h] ; default .text:66AE0B1C imul edx, [edi+0Ch] .text:66AE0B20 mov ecx, [edi+4] .text:66AE0B23 inc word ptr [edi+16h] .text:66AE0B27 mov eax, [esp+arg_0] .text:66AE0B2B add edx, ecx .text:66AE0B2D mov [eax], edx .text:66AE0B2F mov eax, [ebp+10h] .text:66AE0B32 test eax, eax .text:66AE0B34 jz short loc_66AE0B62 .text:66AE0B36 mov ax, [ebp+1Ch] .text:66AE0B3A mov edx, [ebp+0Ch] .text:66AE0B3D movzx cx, ah .text:66AE0B41 mov ch, al .text:66AE0B43 mov [edx], cx .text:66AE0B46 movsx eax, word ptr [edi+12h] .text:66AE0B4A imul eax, [ebp+14h] .text:66AE0B4E add eax, [ebp+10h] .text:66AE0B51 mov cx, [ebp+18h] .text:66AE0B55 mov [ebp+0Ch], eax .text:66AE0B58 mov [ebp+1Ah], cx .text:66AE0B5C mov word ptr [ebp+1Ch], 0 Vendor Status: Apple has released a patch for this vulnerability. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directy overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1. Technical Details: When Quicktime processes the data field of a qtif format file, it will copy it to the stack by a byte to a byte , but there is no proper checking, so it will cause a stack overflow in memory. And in this stack, there is a function pointer which will be used immediately when it pre byte copies, so we can use it to bypass any stack overflow protection, such in xp sp2 and 2003 sp1. The origin function point value is 0x44332211. We only need to overflow it to : 0x08332211, ensuring it didn't cause a crash before the 0x44 has been overflowed to 0x08. When it overflows to 0x08332211, we can execute code to 0x08332211, and can first use javascript to get this memory and set my code in it. call [esp+138h+arg_4] <- call a function point in the stack, but this point can be overflowed References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html Protection: Retina Network Security Scanner has been updated to identify this vulnerability. Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-2340. Credit: Discovery: Fang Xing Greetings: Thanks to all the guys at eEye, and especially Karl Lynn's help. Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls. Multiple Check Point ZoneAlarm products are prone to local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain elevated privileges and completely compromise an affected computer. These issues have been confirmed in: ZoneAlarm 6.5.737 ZoneAlarm Security Suite 5.5.062.004 and 6.5.737. Other versions are likely vulnerable as well. The following are vulnerable: - Versions prior to ZoneAlarm 7.0.362 - Zone Labs products that include 'vsdatant.sys' 6.5.737.0. ZoneAlarm is a personal computer firewall that protects personal data and privacy. The IOCTL handling code of the ZoneAlarm product vsdatant.sys device driver does not validate the userland-supplied addresses passed to IOCTL 0x8400000F and IOCTL 0x84000013. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: ZoneAlarm Products Insecure Directory Permissions and IOCTL Handler Privilege Escalation SECUNIA ADVISORY ID: SA26513 VERIFY ADVISORY: http://secunia.com/advisories/26513/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: ZoneAlarm 6.x http://secunia.com/product/5806/ ZoneAlarm 7.x http://secunia.com/product/13889/ ZoneAlarm 5.x http://secunia.com/product/4647/ ZoneAlarm Pro 5.x http://secunia.com/product/4280/ ZoneAlarm Pro 6.x http://secunia.com/product/6071/ ZoneAlarm Security Suite 5.x http://secunia.com/product/4272/ ZoneAlarm 2.x http://secunia.com/product/3056/ ZoneAlarm 3.x http://secunia.com/product/153/ ZoneAlarm 4.x http://secunia.com/product/150/ ZoneAlarm Anti-Spyware 6.x http://secunia.com/product/6073/ ZoneAlarm Antivirus 5.x http://secunia.com/product/4271/ ZoneAlarm Antivirus 6.x http://secunia.com/product/6074/ ZoneAlarm Internet Security Suite 6.x http://secunia.com/product/6072/ ZoneAlarm Plus 3.x http://secunia.com/product/3057/ ZoneAlarm Plus 4.x http://secunia.com/product/151/ ZoneAlarm Pro 2.x http://secunia.com/product/152/ ZoneAlarm Pro 3.x http://secunia.com/product/1960/ ZoneAlarm Pro 4.x http://secunia.com/product/1961/ ZoneAlarm Wireless Security 5.x http://secunia.com/product/4648/ DESCRIPTION: Some vulnerabilities and a security issue have been reported in ZoneAlarm products, which can be exploited by malicious, local users to gain escalated privileges. 1) Insufficient address space verification within the 0x8400000F and 0x84000013 IOCTL handlers of vsdatant.sys and insecure permissions on the "\\.\vsdatant" device interface can be exploited to e.g. access the said IOCTL handlers and overwrite arbitrary memory and execute code with kernel privileges. SOLUTION: Update to version 7.0.362. http://www.zonealarm.com/store/content/catalog/download_buy.jsp?dc=12bms&ctry=US&lang=en PROVIDED AND/OR DISCOVERED BY: 1) Ruben Santamarta, reported via iDefense Labs. 2) Discovered by an anonymous person and reported via iDefense Labs. ORIGINAL ADVISORY: iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585 Reversemode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . BACKGROUND Zone Alarm products provide security solutions such as anti-virus, firewall, spy-ware, and ad-ware protection. http://www.zonelabs.com/ II. The vulnerability specifically exists in the default file Access Control List (ACL) settings that are applied during installation. When an administrator installs any of the Zone Labs ZoneAlarm tools, the default ACL allows any user to modify the installed files. Some of the programs run as system services. This allows a user to simply replace an installed ZoneAlarm file with their own code that will later be executed with system-level privileges. III. ANALYSIS Exploitation allows local attackers to escalate privileges to the system level. It is also possible to use this vulnerability to simply disable protection by moving all of the executable files so that they cannot start on a reboot. IV. V. WORKAROUND Apply proper Access Control List settings to the directory that ZoneAlarm Security Suite is installed in. The ACL rules should make sure that no regular users can modify files in the directory. VI. http://www.zonealarm.com/store/content/catalog/products/trial_zaFamily/trial_zaFamily.jsp VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2005-2932 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 09/29/2005 Initial vendor notification 09/29/2005 Initial vendor response 10/19/2006 Second vendor notification 08/20/2007 Coordinated public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2007 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information

Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets. The Blackberry Enterprise Server Router component is prone to a denial of service vulnerability. This could only be exploited by an attacker who can communicate with the Router. 1) An error exists in the Attachment Service when handling malformed TIFF image attachments. This can be exploited to prevent a BlackBerry user from viewing attachments. Successful exploitation requires that the attacker is able to connect to the BlackBerry Server/Router via port 3101/tcp. SOLUTION: The vendor recommends the following workaround. 1) Exclude TIFF images from being processed by the Attachment Service and/or disable the image attachment distiller. Refer to the vendor's original advisory for specific instructions. PROVIDED AND/OR DISCOVERED BY: FX, Phenoelit. ORIGINAL ADVISORY: http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167898 http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167895 OTHER REFERENCES: US-CERT VU#570768: http://www.kb.cert.org/vuls/id/570768 US-CERT VU#392920: http://www.kb.cert.org/vuls/id/392920 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------