VARIoT IoT vulnerabilities database

Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). Motorola cable modem is a network device that connects PC, TV, telephone, fax and other devices to the Internet through a coaxial cable.  Motorola cable modems have a denial of service vulnerability when processing TCP Land messages, which may allow an attacker to block communication to any target network service. The device must be physically restarted to resume normal operation. This issue allows attackers to block network traffic to arbitrarily targeted network services

Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuration or firmware, via a direct request to apply.cgi with the Page parameter set to adv_password.asp. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through the web-based control interface. Unauthenticated attackers can force the device to reset the administrative credentials without authorization. Once credentials have been reset an attacker can log in and perform malicious actions, potentially compromising the entire LAN behind the device. Although a dialog box appears asking for a user name and password, click \"Cancel\" to proceed with the attack. SOLUTION: The product has reportedly been discontinued and a patch will not be issued. PROVIDED AND/OR DISCOVERED BY: TNull ORIGINAL ADVISORY: iDEFENSE: http://www.idefense.com/application/poi/display?id=348&type=vulnerabilities ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Dell TrueMobile 2300 Wireless Broadband Router Authentication Bypass Vulnerability iDefense Security Advisory 12.07.05 www.idefense.com/application/poi/display?id=348&type=vulnerabilities December 7, 2005 I. BACKGROUND The Dell TrueMobile 2300 Wireless Broadband Router is an 802.11b/g wireless access point, wired ethernet switch and internet router. More information can be found at the following URL: http://support.dell.com/support/edocs/network/p57205/en/intro/index.htm II. The Dell TrueMobile 2300 is a wireless router and access point. (The IP is typically 192.168.2.1, and [ROUTER IP] should be replace by the router's actual address.) http://[ROUTER IP]/apply.cgi?Page=adv_password.asp&action=ClearLog Although dialog boxes for entering the username and password appear, pressing cancel will not prevent this exploit from working. III. The precise cause of the error is unknown. Although there is GPL source code available for this product, the firmware's source code version has not been kept up to date with the binary version. As a result, it does not directly allow the cause of the vulnerability to be determined. Based on analysis of the affected binary, /usr/sbin/httpd, and the previous version of the source code it appears the cause is a logic error involving the 'ClearLog' string being checked without first ascertaining that the page was one where that made sense. Although the binary appears to be largely the same code as the available source code, there are many differences. In the binary version, the authentication is not performed in the same order as in the source version. It is likely that the determination of which pages to check is now done on the basis of the 'action' variable, rather than the previous method of using the page name. IV. DETECTION iDefense has confirmed the existence of this vulnerability in the following Dell TrueMobile 2300 firmware versions: \x95 3.0.0.8, dated 07/24/2003 \x95 5.1.1.6, dated 1/31/2004 Previous versions of this may also be affected, however it is not clear in which version the vulnerability was introduced. V. WORKAROUND In order to mitigate exposure to this vulnerability from remote attackers, employ encryption on your wireless interface, or disable it if it is not required. The exact settings to use are dependant on your wireless security policy. This workaround does not prevent exploitation from the local network via wired interfaces. VI. VENDOR RESPONSE "The vendor is no longer selling this product and has replaced it with newer models that do not exhibit the defect. Therefore, a patch will not be released to address this issue." VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2005-3661 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 11/17/2005 Initial vendor notification 11/18/2005 Initial vendor response 12/07/2005 Public disclosure IX. CREDIT TNull is credited with the discovery of this vulnerability. Get paid for vulnerability research http://www.iDefense.com/poi/teams/vcp.jsp Free tools, research and upcoming events http://labs.iDefense.com X. LEGAL NOTICES Copyright \xa9 2005 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@iDefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information

Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint. VPN-1 SecureClient is reported prone to a policy bypass vulnerability. This issue is due to a failure of the application to securely implement remote administrator-provided policies on affected computers. Specific issues arising from this vulnerability depend on the intended policies defined by administrators. Some examples of the consequences are: unauthorized computers may connect, scripts may not execute, or insecure network configurations may be possible. Check Point's VPN-1 is a tightly integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. SecureClient is one of the client components. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Debian update for kernel-source-2.4.27 SECUNIA ADVISORY ID: SA23395 VERIFY ADVISORY: http://secunia.com/advisories/23395/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.1 http://secunia.com/product/5307/ DESCRIPTION: Debian has issued an update for kernel-source-2.4.27. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service), and by malicious people to cause a DoS. For more information: SA21563 SA21999 SA22253 SA22289 SA23361 SOLUTION: Apply updated packages. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This check may be bypassed by users with write-access to the file by continuously replacing it with a modified copy. This weakness can potentially allow the SCV (Secure Configuration Verification) feature of the product to be bypassed, which allow client systems that are not compliant to the organisation's security policies to connect to the internal networks. PROVIDED AND/OR DISCOVERED BY: Viktor Steinmann ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1237-1 security@debian.org http://www.debian.org/security/ Dann Frazier December 17th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : kernel-source-2.4.27 Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE ID : CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174 CVE-2006-5649 CVE-2006-5871 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4093 Olof Johansson reported a local DoS (Denial of Service) vulnerability on the PPC970 platform. Unpriveleged users can hang the system by executing the "attn" instruction, which was not being disabled at boot. CVE-2006-4538 Kirill Korotaev reported a local DoS (Denial of Service) vulnerability on the ia64 and sparc architectures. A user could cause the system to crash by executing a malformed ELF binary due to insufficient verification of the memory layout. CVE-2006-4997 ADLab Venustech Info Ltd reported a potential remote DoS (Denial of Service) vulnerability in the IP over ATM subsystem. A remote system could cause the system to crash by sending specially crafted packets that would trigger an attempt to free an already-freed pointer resulting in a system crash. CVE-2006-5174 Martin Schwidefsky reported a potential leak of sensitive information on s390 systems. The copy_from_user function did not clear the remaining bytes of the kernel buffer after receiving a fault on the userspace address, resulting in a leak of uninitialized kernel memory. A local user could exploit this by appending to a file from a bad address. CVE-2006-5649 Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service) vulnerability on powerpc systems. The alignment exception only checked the exception table for -EFAULT, not for other errors. This can be exploited by a local user to cause a system crash (panic). CVE-2006-5871 Bill Allombert reported that various mount options are ignored by smbfs when UNIX extensions are enabled. This includes the uid, gid and mode options. Client systems would silently use the server-provided settings instead of honoring these options, changing the security model. This update includes a fix from Haroldo Gamal that forces the kernel to honor these mount options. Note that, since the current versions of smbmount always pass values for these options to the kernel, it is not currently possible to activate unix extensions by omitting mount options. However, this behavior is currently consistent with the current behavior of the next Debian release, 'etch'. The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.1 (sarge) Source 2.4.27-10sarge5 Alpha architecture 2.4.27-10sarge5 ARM architecture 2.4.27-2sarge5 Intel IA-32 architecture 2.4.27-10sarge5 Intel IA-64 architecture 2.4.27-10sarge5 Motorola 680x0 architecture 2.4.27-3sarge5 Big endian MIPS 2.4.27-10.sarge4.040815-2 Little endian MIPS 2.4.27-10.sarge4.040815-2 PowerPC architecture 2.4.27-10sarge5 IBM S/390 architecture 2.4.27-2sarge5 Sun Sparc architecture 2.4.27-9sarge5 The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update: Debian 3.1 (sarge) fai-kernels 1.9.1sarge5 kernel-image-2.4.27-speakup 2.4.27-1.1sarge4 mindi-kernel 2.4.27-2sarge4 systemimager 3.2.3-6sarge4 We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge5.dsc Size/MD5 checksum: 831 b970d762bf162cdfc8df32549bbdd566 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge5.tar.gz Size/MD5 checksum: 32299 1007b0e6ba417ea12969e495056b2d5e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge5.dsc Size/MD5 checksum: 840 381052d0f0e53b867b8190d9bf0e0d1b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge5.tar.gz Size/MD5 checksum: 34450 4fe66843eb3dde9636a292726b0720ca http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge5.dsc Size/MD5 checksum: 1581 f670c9495d1e6b3fc0dae34079be2703 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge5.tar.gz Size/MD5 checksum: 99762 689742b819b03635be81e56f236f015b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge5.dsc Size/MD5 checksum: 1143 aa5d275cbb5e611a430558c75d2ddce6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge5.tar.gz Size/MD5 checksum: 55593 e8517a3876c679cf01ccdbdaf666c4fd http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge5.dsc Size/MD5 checksum: 876 7416f4d8d7d4d468977f966d6cb680da http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge5.tar.gz Size/MD5 checksum: 12864 5d32bbaecfcef58ac406939346922caa http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge5.dsc Size/MD5 checksum: 1074 cf00f7439b32b998ac35cf9bc0ba17ce http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge5.tar.gz Size/MD5 checksum: 24784 bb76d31c4e97594546a1ce46205627be http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge5.dsc Size/MD5 checksum: 832 61fe3968d2b8e2a0ae27d86bdadd82dd http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge5.tar.gz Size/MD5 checksum: 10570 982fd40704097c18838e3954de9d946e http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge4.dsc Size/MD5 checksum: 732 ea5120c744a0c6680bd77bc262018e6d http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge4.tar.gz Size/MD5 checksum: 18921 f898a597de3f981b99848160f092f06e http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-2.dsc Size/MD5 checksum: 1051 007ebb5db36532e0bef9462411d7a25b http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-2.tar.gz Size/MD5 checksum: 309221 e9154cdadd12cf9d3042fc3c69906796 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge5.dsc Size/MD5 checksum: 1131 6b22f4ecad2ce3d2404d606c77da9dc7 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge5.tar.gz Size/MD5 checksum: 1464751 d1891087138beef4e77784e3b29230b5 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge5.dsc Size/MD5 checksum: 900 6b7eaed1211e79eeb7822c470588dc10 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge5.diff.gz Size/MD5 checksum: 755526 437a36887a3730d49c6681e163085c91 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27.orig.tar.gz Size/MD5 checksum: 38470181 56df34508cdc47a53d15bc02ffe4f42d http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge4.dsc Size/MD5 checksum: 750 49de53f3e66da5396a7c447411eda404 http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge4.diff.gz Size/MD5 checksum: 5089 400dd7c2ce12ba55e876cb90a035095f http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27.orig.tar.gz Size/MD5 checksum: 9501 a4ad085824ade5641f1c839d945dd301 Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge5_all.deb Size/MD5 checksum: 3581076 e1bbfffc57dbdfd0b9cd2d0a66a7744b http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge5_all.deb Size/MD5 checksum: 710724 9535988810d9c8f3f4019720bd49a30b http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge5_all.deb Size/MD5 checksum: 31034148 28894dd804436675aedfc296a8ee4d63 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge5_all.deb Size/MD5 checksum: 27696 90eb280799013da95a3c1188e8b84d50 http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-doc-2.4.27-speakup_2.4.27-1.1sarge4_all.deb Size/MD5 checksum: 2420804 1a05dca524994806146a6900efa71899 Alpha architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-2_2.4.27-10sarge1_alpha.deb Size/MD5 checksum: 5690 26d3f171f62b80b0b8e978652f8f485a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-3_2.4.27-10sarge5_alpha.deb Size/MD5 checksum: 8074 4f676244465a1b8492343ffc27de9b7b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2_2.4.27-10sarge1_alpha.deb Size/MD5 checksum: 4572104 d92c8a0b7398b6b41d52c7a55a3d88f1 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb Size/MD5 checksum: 270932 be9e18785e87f29f8632a9fc973b0bbb http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb Size/MD5 checksum: 272886 dea691efa19f4b82691124fa62e8963f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3_2.4.27-10sarge5_alpha.deb Size/MD5 checksum: 4574778 a40c45730f344deb8cfcc1d1a7ad2488 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-generic_2.4.27-10sarge5_alpha.deb Size/MD5 checksum: 273276 95820aca7779957cdc5b380de2241a4d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-smp_2.4.27-10sarge5_alpha.deb Size/MD5 checksum: 275206 01567b6608388db6ecbea1a4cfa5a99f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb Size/MD5 checksum: 16516634 eb2e92ade4debc9bfdedb40134b3efd6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb Size/MD5 checksum: 16970506 2b58db598e31823c08f993da80ab10d0 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-generic_2.4.27-10sarge5_alpha.deb Size/MD5 checksum: 16531732 f6b0507544d219740e11894d49906179 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-smp_2.4.27-10sarge5_alpha.deb Size/MD5 checksum: 16983616 735c022a0d097f46a03348fe91a6e7ac http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_alpha.deb Size/MD5 checksum: 20480 505188720fcfed347602c30bb1cd5f6c ARM architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge5_arm.deb Size/MD5 checksum: 483596 fe85544eabe959ce72f05dda8d65185a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge5_arm.deb Size/MD5 checksum: 4726650 4729ca286f8e2314f6c5cdfaefbe93aa http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge5_arm.deb Size/MD5 checksum: 1695008 4beae00e1c3e83463a772fe17aebc80f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge5_arm.deb Size/MD5 checksum: 1059362 ee2f850805f19c7fdfdb8c866566cc56 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge5_arm.deb Size/MD5 checksum: 7376966 26755e712c14e0003b0d599ccc1bac98 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge5_arm.deb Size/MD5 checksum: 3165708 f673a41f1403e7a85e9cdbfc6cffb23b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge5_arm.deb Size/MD5 checksum: 3687138 022d79de206311aa2364e5449915a94d http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_arm.deb Size/MD5 checksum: 18868 b0530590361123733515d0cd21bb01c9 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-2_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 8224 ae479d6dbd6c171e94a25e5b59b4243f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-3_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 10534 c2e539824425af065b4617aa3589b782 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 1823160 c058363ae7646c370f77d620c6bb6438 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-386_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 297168 19b508f76e107d8cf988560b3fd04a8b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 298340 073efbc2d728e4ee3b30e980d2d0f5e6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 298200 94f48b9438f8e100590c8874b3c05e0c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 300156 1143aa70f66386bf4789431e80810b2d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k6_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 297050 44f3d785ad2c70829373321327e6e3e6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 297978 7795ea75d534ded9d2a7ade27fc3cf21 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 299650 9676b8d779e9dd09f0583d950e2fd2d5 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 1825394 6ca7de755e3890e989cfaa2271a0ba3d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-386_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 299390 5973792d7e12022780b7d4d51e1f2372 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 300664 948a088ae36738d5de11375009a162b6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 300562 620f476d04bfe3a906b9110d9495f902 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 302114 14db999e3504855ab0239341e41b8d0d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k6_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 299548 6b842b2221e6afa94332d6e2e434f5e2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 300286 483ea0ad7316d1c82e1d667d8826d536 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 302128 d5f9b05985e032d4ce522283566b0fdd http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-386_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 11046010 e32bdedde43897d24792ce5199c8e428 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 12024834 edfa4a6008fde7599fbd7e5081cc2bb9 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 12336042 d2c1f84d0c771fa8de10c87e0cb35e70 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 12679824 4ab0ad4ca8bf76e6614768cee8245c24 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k6_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 11708878 7842c8dfed5e6c2cbbed136807b5cf7f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 12083292 b45dd7f50ef9f4726711c4af87368037 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 12415392 b56e1c928e816d53f6cba41f0138e91d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-386_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 11052302 255d69882c14e9a92cf951b2fff9263f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 12036374 f576550eacb4d17f1388b89ce9615f06 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 12355204 cd85e4ca2b25cecddd0077b4eb47a0ce http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 12695118 31480c61a3ac3c71d4a1b9703b8d8139 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k6_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 11723728 3e4e06b330cd1ac479769baac326df7b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 12098618 541559dcbaa99bbd02642fe31b063ffd http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 12434342 5813dbe009eea4141a872752874f0335 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-386_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 267586 95d23b87e054f0a8dc82edd6a7f51f60 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 292452 d090775026be223c949e0f86f5b1f646 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 298278 f8cc95014790c87b62bf81b2b2d2d674 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 303840 f1362454b42361047297b1ef7f90769c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k6_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 286252 d67de5ec744bad676981089e5623561c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 292100 0ce7cff58a32eb924199a652062a7e9f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb Size/MD5 checksum: 296978 fdb699b60e0d3ae5fa4df76e0203c603 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 269980 77410fc804084d2169ceb1319a9e690f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 294862 b6270e45a1acfc537b6d9ba474e163d7 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 300698 939c08139e1e17f754d9d676ca3f9c04 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 306442 507f4d8c295e1c4549b06ded67009b98 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 288692 900499f7b356261f9859d051c96a54e8 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 294624 64620786d42099ead5e5bdb829f7c573 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb Size/MD5 checksum: 299512 6a06f4d16650536bdcd1dd7f44851a3d http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-headers-2.4.27-speakup_2.4.27-1.1sarge4_i386.deb Size/MD5 checksum: 4773910 8c3955d4fa6d3af721c7d820a2e9d5a1 http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-2.4.27-speakup_2.4.27-1.1sarge4_i386.deb Size/MD5 checksum: 11308946 ac2eca7ddc6e0fcfa0b7d835b28d3c41 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_i386.deb Size/MD5 checksum: 16632 bab2d60567d5858c019407cca58d6688 http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge4_i386.deb Size/MD5 checksum: 7775346 31814a4d66ec8053772ad147a4a62b26 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-2_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 5190 00c8fff6af32adf62f8c91794745931b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-3_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 7486 b40d48a972ee0cb277b63a649e0d01f2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 4678756 01467522c3106fab54cf6983a9c6487d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 239184 cd07eff9264141e6ddbd015f5f76e99e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 240504 03b131531af57cd2f46cf8ff8ba93f45 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 239212 457102e92a389246447410ce172bbd2f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 240498 66cc452b54b87366d7755da6693aa76c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 4689752 b5ef21aee13412359cdb7fb5e039de74 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 242570 3dbd1ce3bbfed1c7c4aeb3de2396cf77 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium-smp_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 243234 14ed081560b4008f6e391b325b39544f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 242366 4acf18300727b24afe4f223623e5c44d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley-smp_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 243558 f48e9a34ea714966024f24277293d1d6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 7262 4cc86fa5dd7f157ab7fa3747f9ac8573 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 7274 7b6dec36049b6f277b72c2c6a24dd538 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 7290 00cf535d95cb5a827d53219de9d2b0a1 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 7302 093e0825e05675fd728a7db694531f1a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 16665798 0dfd99eeb9d1c8933ec71f0cdc80a71e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 17023766 09ae0a0c0b133abe047cd50b8e09f02e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 16623970 2b70e151d5c13c89d7646dc01d28a277 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb Size/MD5 checksum: 16970478 affcf0503482e489ae8384b3d7279fce http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 16677620 d997c6d47e3592b0ab8c82917548102b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium-smp_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 17037020 75b4b47d8ebd8cd91327cfeaf76dd0d9 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 16630570 11c5c2ea12f3cab5865b225f765d71c0 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley-smp_2.4.27-10sarge5_ia64.deb Size/MD5 checksum: 16988538 f8b022aa39e91bccc24ab3adaab2c7aa http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_ia64.deb Size/MD5 checksum: 22224 a4d38a63b6bd0399aa84d50d23f09cf6 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge5_m68k.deb Size/MD5 checksum: 2642370 64f44bc3e9c3313cb7aecf789ddb51de http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge5_m68k.deb Size/MD5 checksum: 2545710 6dcdfedd3356d0f20e7899da7a7ff2bd http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge5_m68k.deb Size/MD5 checksum: 2396790 5d278c185e1ca1d34e65dc657cbcbe96 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge5_m68k.deb Size/MD5 checksum: 2478704 181df694d051555f0253ff27e9f0863c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge5_m68k.deb Size/MD5 checksum: 2326206 033f694ed1a6acc24efb07ecdbbe125c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge5_m68k.deb Size/MD5 checksum: 2397324 f716f0313d88c62779569712078ae0c8 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge5_m68k.deb Size/MD5 checksum: 2262406 c0c6fbb7a1160688f8e8c7ae97d43e9a http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_m68k.deb Size/MD5 checksum: 16338 f9b14151760944376dfbbbfc47b73346 IBM S/390 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-2_2.4.27-2sarge1_s390.deb Size/MD5 checksum: 4578000 97fce93cc2ebc4da7c0a7bab1c157aef http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-3_2.4.27-2sarge5_s390.deb Size/MD5 checksum: 4579864 fc815cfb54bdfed711c2c09fae740500 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390_2.4.27-2sarge1_s390.deb Size/MD5 checksum: 2774574 86262b4b2bb4c6db5471c97dcc1747b4 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390-tape_2.4.27-2sarge1_s390.deb Size/MD5 checksum: 991868 a712b00ecf74c79fadeeb0f50b298618 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390x_2.4.27-2sarge1_s390.deb Size/MD5 checksum: 2966354 5ebdd9b9fa80cdbdf0049683eaad24ee http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390_2.4.27-2sarge5_s390.deb Size/MD5 checksum: 2782140 11029023c05ea13dc51206e74bdb2391 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390-tape_2.4.27-2sarge5_s390.deb Size/MD5 checksum: 995678 a642f56da45718fe0a665ad1836f6112 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390x_2.4.27-2sarge5_s390.deb Size/MD5 checksum: 2974550 749696ce8a74c220819579cb14ebff3a http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_s390.deb Size/MD5 checksum: 19338 c86219a43c645a82ee1782d94dc6dce8 Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-2_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 8328 1e092e0877937ac5dbf46e347992c7d3 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-3_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 10550 164dc9869ea386fd3169864645d89a98 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 2023482 b50d08e5c4c12fff4473e77babeda1ab http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 162670 2c495f6b6e414dc24f2c676ecd84dda4 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 164478 f59e33098dec7e1ff68b162aab6d56a6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 201214 fa92988ddfba0e9f03ace13f365dfc77 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 202452 d56ab1dd8ddb9d4b10de13c37c4c4af5 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 2025304 c036f26f3bb2c1a7f1acc7588b54c389 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 164532 18adb86c0d3ce5b6424b277ce2e39794 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32-smp_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 166318 d3fa63eab9ddab3f6b5db8f385ffe458 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 202940 c03ec973495d21f03df3f156c3dc033b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64-smp_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 204266 547fb57dd64584ee765c427d2c0554fd http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 3597102 1c5334adb92bbaf0ce96e82abcf6d77e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 3784076 3d1b5e5c3e147bf760c6077fa36eb783 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 6377902 7bd0e77ec9494b0ed352917b829fa5a0 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb Size/MD5 checksum: 6543220 a73b077777c3a22ca9538666d3ff8aee http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 3605072 14ac1e3ce17cbf64bfd7a61f520cf494 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32-smp_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 3792788 38ef858c0ff9158cf44590782f5664e0 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 6385736 5dfaf6a6a6e5a809a38458ef79661d3b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64-smp_2.4.27-9sarge5_sparc.deb Size/MD5 checksum: 6550182 97b6ef3ce231c448687bf357daae4faf http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_sparc.deb Size/MD5 checksum: 18200 1465507e83184c1c32b2015530dc39c9 AMD64 architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_amd64.deb Size/MD5 checksum: 17252 8c0ddf9b2b2c5f7ac695d7f10af7aeb5 HP Precision architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_hppa.deb Size/MD5 checksum: 19334 22608a5cbf78b9dfb49a91685513485e Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-2_mips.deb Size/MD5 checksum: 4681544 e5ad300c16978417dfdb04a55b3cf505 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge4.040815-2_mips.deb Size/MD5 checksum: 3854770 6fb17fc57af59997c55dc5d15fe86324 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge4.040815-2_mips.deb Size/MD5 checksum: 3857642 135e1590f21c14db5765422dadd03571 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-2_mips.deb Size/MD5 checksum: 7186300 c841f01587ec79fc411bda056d663a04 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_mips.deb Size/MD5 checksum: 20448 02fd1e80e83a5c3e7b6b16832b77cc26 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 4686676 eb7e81b8a3a6829252a02251aed92b08 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 3037974 ea0208a51612c1e34a6aa60410d21c3d http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 2999656 ec0c25c38b5e7a8a65142bbc52b8220d http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 4107630 deefd96c7f6b2e3e954c98284d367e61 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 2141986 e3ea6afd27d393fcdf6b20a755fa7a41 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 7048130 dd624bc0af5d1e39be9084a58ad575d5 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 4677566 6179a00efde69e2bef158f584b667bc9 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_mipsel.deb Size/MD5 checksum: 20488 41476ba7fba16f7453c72fad3ac7279a PowerPC architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 143604 dbd3e6559ab4d24640e78fa5096b8d4d http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 143402 0ac835db06b6feb1b662ffe7cee6b1ca http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 157358 df24d8751cee33c2ec3490fe3c58aab5 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 157652 f95e05ad17a85a314f36ad794231bd19 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 157408 19f3fa73f641f93a734b5a0c1d92800a http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 4684386 33f89f6ff68d4697590dc56da8f5c85b http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 4694600 0d7e24209c0c22ad726ddc7d2046f5e4 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 4802248 dc4bb7170432243f61d1ccf10820518f http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 2502696 794593451ab3047561014f148290650c http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 1819296 026d70d2989c1f5345280777f8430d33 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 13486360 c02196059ed6f7103d6faa2a45320828 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 12759400 e9108a2f987765ff915435b199bda15e http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 13792416 3af28a8ab21e298043311c0e15b19184 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 65868 b0f73596dd19e6c41d0fa64f5c3d7e22 http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 11006 c537fc249b24e8d4c57165e6f4d6ad5a http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb Size/MD5 checksum: 10928 11f29b35752d4f50ea28b345001efb2b http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_powerpc.deb Size/MD5 checksum: 18902 a8338f398511cd07bd619b812f18d76b These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFhU8VXm3vHE4uyloRAqyaAJoCjTG8pCP4OuaLqSRiqr2F/TIh0QCg0oNv cX7kv9vIm6CBHm4dJqv7whM= =e1p5 -----END PGP SIGNATURE-----

Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in a format-specifier argument to a formatted printing function. This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. TITLE: Ipswitch IMail Server IMAP and SMTP Service Two Vulnerabilities SECUNIA ADVISORY ID: SA17863 VERIFY ADVISORY: http://secunia.com/advisories/17863/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Ipswitch Collaboration Suite (ICS) 2.x http://secunia.com/product/5167/ IMail Server 8.x http://secunia.com/product/3048/ DESCRIPTION: Two vulnerabilities have been reported in IMail Server, which can be exploited by malicious users to cause a DoS (Denial of Service) and to compromise a vulnerable system. 2) An error exists in the IMAP4D32 service when handling user supplied arguments passed to the IMAP LIST command. This can be exploited by a logon user to cause a memory dereferencing error, which crashes the IMAP service by supplying an argument of approximately 8000 bytes to the command. The vulnerabilities have been reported in IMail Server version 8.20. Other versions prior to 8.22 may also be affected. SOLUTION: Update to the fixed versions. IMail Server 8.20: Update to version 8.22. http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp Ipswitch Collaboration Suite 2.0: Update to version 2.02. http://www.ipswitch.com/support/ics/updates/ics202.asp PROVIDED AND/OR DISCOVERED BY: 1) Nico 2) Sebastian Apelt ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . BACKGROUND Ipswitch Collaboration Suite provides e-mail and real-time collaboration, calendar and contact list sharing, and protection from spam and viruses, all delivered in an easy to use suite. http://www.ipswitch.com/products/collaboration/index.asp II. All of the commands are handled by the same function which parses user-supplied input strings. The following debugger session shows a backtrace with user-supplied strings as values. With properly constructed input value, the strings would be interpreted as memory addresses that would be executed upon returning from the current function. [..] 00A7F370 006020A0 00A7F374 00A7F634 ASCII 5B,"192.168.242.1] MAIL FROM:C:\apps\Ipswitch\Collaboration Suite\IMail\spool\T94e8013e00000005" 00A7F378 00000000 00A7F37C 00000000 00A7F380 7C34FC0B RETURN to MSVCR71.7C34FC0B from MSVCR71.write_char 00A7F384 00602048 00A7F388 00A7F648 ASCII 20,"FROM:C:\apps\Ipswitch\Collaborat" [..] III. Ipswitch mail services are commonly configured to allow untrusted access. The use of a firewall or other mitigating strategy is highly recommended due to the nature of this vulnerability. The IMail SMTP server is installed by default. IV. V. WORKAROUND iDEFENSE is currently unaware of any effective workarounds for this issue. Access to the affected host should be filtered at the network boundary if global accessibility is not required. Restricting access to only trusted hosts and networks may reduce the likelihood of exploitation. VI. VENDOR RESPONSE Ipswitch Collaboration Suite 2.02 has been released to address this issue and is available for download at: http://www.ipswitch.com/support/ics/updates/ics202.asp IMail Server 8.22 has been released to address this issue and is available for download at: http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2931 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 09/08/2005 Initial vendor notification 09/13/2005 Initial vendor response 10/06/2005 Coordinated public disclosure IX. CREDIT iDEFENSE credits Nico with the discovery of this vulnerability. Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp Free tools, research and upcoming events http://labs.idefense.com X. LEGAL NOTICES Copyright \xa9 2005 iDEFENSE, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. Successful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. Ipswitch IMail IMAP List Command DoS Vulnerability iDEFENSE Security Advisory 12.06.05 www.idefense.com/application/poi/display?id=347&type=vulnerabilities December 6, 2005 I. BACKGROUND Ipswitch Imail Server is an email server that is part of the IpSwitch Collaboration suit. Imail Supports POP3, SMTP, IMAP and web based email access. More Information can be located on the vendor\x92s site at: http://www.ipswitch.com/Products/collaboration/index.html II. The problem specifically exists in handling long arguments to the LIST command. When a LIST command of approximately 8000 bytes is supplied, internal string parsing routines can be manipulated in such a way as to reference non-allocated sections of memory. This parsing error results in an unhandled access violation, forcing the daemon to exit. III. The LIST command is only available post authentication and therefore valid credentials are required to exploit this vulnerability. IV. DETECTION iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail 8.2. V. WORKAROUND As this vulnerability is exploited after authentication occurs, ensuring that only trusted users have accounts can mitigate the risk somewhat. As a more effective workaround, consider limiting access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3. VI. VENDOR RESPONSE Ipswitch Collaboration Suite 2.02 has been released to address this issue and is available for download at: http://www.ipswitch.com/support/ics/updates/ics202.asp IMail Server 8.22 Patch has been released to address this issue and is available for download at: http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2923 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 09/08/2005 Initial vendor notification 09/13/2005 Initial vendor response 10/06/2005 Coordinated public disclosure IX. CREDIT Sebastian Apelt is credited with discovering this vulnerability. Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp Free tools, research and upcoming events http://labs.idefense.com X. LEGAL NOTICES Copyright \xa9 2005 iDEFENSE, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . 1) A format string error exists in the SMTPD32 service when parsing arguments supplied to the "expn", "mail", "mail from", and "rcpt to" commands. This can be exploited to execute arbitrary code via specially crafted arguments sent to the affected commands. The vulnerabilities have been reported in IMail Server version 8.20. Other versions prior to 8.22 may also be affected. SOLUTION: Update to the fixed versions. http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp Ipswitch Collaboration Suite 2.0: Update to version 2.02. http://www.ipswitch.com/support/ics/updates/ics202.asp PROVIDED AND/OR DISCOVERED BY: 1) Nico 2) Sebastian Apelt ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php. This issue is due to a failure in the application to perform proper authentication on user credentials before granting access to privileged scripts. An attacker can exploit this vulnerability to access privileged scripts without requiring authentication credentials

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software. This issue may be triggered when the application processes a malformed movie (.MOV) file. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user. This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts. This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. Technical Details: Technical Description: The code in QuickTime.qts responsible for the size of the Sample Description Table entries from the 'stsd' atom in a QuickTime-format movie on the heap. According to developer.apple.com, the format of the Sample Description Atom is as follows: Field Description ---------------------------------------------------------------- Size 32-bit int Data Format 4 char code Reserved 6 bytes that must be 0 Data Reference Index 16-bit int Hint Track Version 16-bit unsigned int Last compatible hint track version 16-bit unsigned int Max Packet Size 32-bit int Additional Data Table Variable By setting the size of the Sample Description Table to a size of 00 15 - 00 D0 will cause a heap-based overflow. By supplying the "Last compatible hint track version" field with the value of 00 05 - 00 09, an insufficiently-sized heap block will be allocated, resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function and the attacker can control memory with data taken from the filename of the .MOV file. This vulnerability can be successfully exploited via an embedded media player in an HTML page, email, or HTML link. References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html Protection: Retina Network Security Scanner has been updated to identify this vulnerability. Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-4092. Credit: Discovery: Karl Lynn Greetings: 0x41414141 Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. Avaya TN2602AP IP Media Resource 320 is prone to a remote denial of service vulnerability. A successful attack can result in a memory leak and lead to a denial of service condition due to a crash. Avaya TN2602AP IP Media Resource 320 versions prior to vintage 9 firmware are vulnerable to this issue. The vulnerability is caused due to an unspecified error. This can be exploited to cause memory leaks, which can potentially cause a DoS via specially crafted packets. SOLUTION: Update to vintage 9 firmware. http://support.avaya.com/japple/css/japple?temp.documentID=236667&temp.productID=136527&temp.releaseID=228560&temp.bucketID=108025&PAGE=Document#TN2602 PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. This issue only affects computers running affected versions of Cisco Security Agent on the Microsoft Windows platform. Further details are not currently available, this BID will be updated as information becomes available. Cisco Security Agent adopts behavior-based evaluation criteria to identify and protect servers and terminal computers, instead of relying only on signature matching for analysis and identification, successfully solving the security risks brought by unknown viruses. The vulnerability is caused due to an unspecified error in CSA on the Windows platform. This can be exploited by malicious users to gain SYSTEM privileges on a vulnerable system. The vulnerability has been reported in the following versions: * Cisco CSA version 4.5.0 (all builds) managed and standalone agents. * Cisco CSA version 4.5.1 (all builds) managed and standalone agents. * Cisco CSA version 4.5.0 (build 573) for CallManager. * Cisco CSA version 4.5.1 (build 628) for CallManager. * Cisco CSA version 4.5.1 (build 616) for Intelligent Contact Management (ICM), IPCC Enterprise, and IPCC Hosted. * Cisco CSA version 4.5.0 ( build 573) for Cisco Voice Portal (CVP) 3.0 and 3.1. SOLUTION: Update to version 4.5.1.639. Management Center for Cisco Security Agents: http://www.cisco.com/pcgi-bin/tablebuild.pl/csa CSA for CallManager: http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des CSA for ICM, IPCC Enterprise, and IPCC Hosted: http://www.cisco.com/pcgi-bin/tablebuild.pl/csa10-crypto CSA for CVP 3.0 and 3.1: http://www.cisco.com/pcgi-bin/tablebuild.pl/csa-cvp-20 PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. Safari is prone to a denial-of-service vulnerability. Apple Safari is a web browser software

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. Cisco IOS include HTTP Server Is show buffers Memory dump results were generated dynamically using commands etc. Web When displaying a page, the output result is not properly sanitized, so there is a vulnerability that allows arbitrary commands to be inserted.An arbitrary command may be executed and as a result, administrator privileges may be obtained. Cisco IOS HTTP service is prone to an HTML-injection vulnerability. An attacker can submit malicious HTML and script code through the '/level/15/exec/-/buffers/assigned' and '/level/15/exec/-/buffers/all' scripts. This code may run in the browser of an administrator when they attempt to view the contents of memory buffers through the vulnerable scripts of the HTTP service. IOS 11.0 through 12.4 are affected. IOS XR is not vulnerable. This issue is documented by Cisco Bug ID CSCsc64976. NOTE: Since this is an HTML-injection vulnerability that targets users of the IOS web interface, devices with the HTTP service disabled are not affected. The attacker can also run arbitrary commands on a vulnerable device. Successful exploits may allow the attacker to manipulate routing information, create accounts, and access all other functionality available to administrators. The vulnerability is caused due to the memory dump feature of the HTTP server not properly sanitising the data in received packets before displaying them to the user in a HTML formatted page when the user views the "/level/15/exec/-/buffers/assigned/dump" link. This can be exploited to execute arbitrary script code in a user's browser session when the user views a memory dump containing malicious Javascript/HTML code from a received packet. E.g. changing the "enable" password by injecting HTML code that requests for the "/level/15/configure/-/enable/secret/" link. SOLUTION: Disable active scripting when viewing memory dumps. PROVIDED AND/OR DISCOVERED BY: Hugo Vazquez Carames ORIGINAL ADVISORY: http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The vulnerability is related to: SA17780 The vulnerability has been reported in IOS 11.2(8.11)SA6. SOLUTION: Update to Cisco IOS 12. Alternatively, disable CDP functionality if it is not required, or disable the web administration interface

Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability. Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Christopher Kunz has reported some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An input validation error in the RSS aggregation module can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when data from the malicious RSS feed is viewed. 3) Input passed to the "date" parameter and the username field when logging into the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where sensitive user data can be disclosed or manipulated. Successful exploitation requires that "magic_quotes_gpc" is disabled. 4) Input passed to the "action" and "module" parameters isn't properly verified, before it is used to include files. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 4.2 and prior. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Christopher Kunz, Hardened PHP Project ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_232005.105.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability. Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Christopher Kunz has reported some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An input validation error in the RSS aggregation module can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when data from the malicious RSS feed is viewed. 3) Input passed to the "date" parameter and the username field when logging into the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where sensitive user data can be disclosed or manipulated. Successful exploitation requires that "magic_quotes_gpc" is disabled. 4) Input passed to the "action" and "module" parameters isn't properly verified, before it is used to include files. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 4.2 and prior. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Christopher Kunz, Hardened PHP Project ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_232005.105.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability. Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Christopher Kunz has reported some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An input validation error in the RSS aggregation module can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when data from the malicious RSS feed is viewed. 3) Input passed to the "date" parameter and the username field when logging into the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where sensitive user data can be disclosed or manipulated. Successful exploitation requires that "magic_quotes_gpc" is disabled. 4) Input passed to the "action" and "module" parameters isn't properly verified, before it is used to include files. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 4.2 and prior. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Christopher Kunz, Hardened PHP Project ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_232005.105.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability. Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Christopher Kunz has reported some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An input validation error in the RSS aggregation module can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when data from the malicious RSS feed is viewed. 3) Input passed to the "date" parameter and the username field when logging into the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where sensitive user data can be disclosed or manipulated. Successful exploitation requires that "magic_quotes_gpc" is disabled. 4) Input passed to the "action" and "module" parameters isn't properly verified, before it is used to include files. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 4.2 and prior. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Christopher Kunz, Hardened PHP Project ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_232005.105.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible. Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project. An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Christopher Kunz has reported some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An input validation error in the RSS aggregation module can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when data from the malicious RSS feed is viewed. 3) Input passed to the "date" parameter and the username field when logging into the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where sensitive user data can be disclosed or manipulated. Successful exploitation requires that "magic_quotes_gpc" is disabled. 4) Input passed to the "action" and "module" parameters isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. This can further be exploited to include and execute arbitrary PHP code injected into the "vtigercrm.log" log file. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 4.2 and prior. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Christopher Kunz, Hardened PHP Project ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_232005.105.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting and local file include vulnerabilities. An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible. Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project. An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Christopher Kunz has reported some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "date" parameter and the username field when logging into the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where sensitive user data can be disclosed or manipulated. Successful exploitation requires that "magic_quotes_gpc" is disabled. 4) Input passed to the "action" and "module" parameters isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. This can further be exploited to include and execute arbitrary PHP code injected into the "vtigercrm.log" log file. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 4.2 and prior. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Christopher Kunz, Hardened PHP Project ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_232005.105.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting and local file include vulnerabilities. An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible. Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project. An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Christopher Kunz has reported some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An input validation error in the RSS aggregation module can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when data from the malicious RSS feed is viewed. 3) Input passed to the "date" parameter and the username field when logging into the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where sensitive user data can be disclosed or manipulated. Successful exploitation requires that "magic_quotes_gpc" is disabled. 4) Input passed to the "action" and "module" parameters isn't properly verified, before it is used to include files. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been reported in version 4.2 and prior. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Christopher Kunz, Hardened PHP Project ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_232005.105.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. Novell ZENworks Remote Diagnostics is prone to an unauthorized access vulnerability. This vulnerability may facilitate disclosure of sensitive data and may aid in other attacks against a vulnerable computer. http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972567.htm PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. Cisco PIX Firewall Is illegal TCP SYN When a packet is processed, the packet and source and destination information for a certain period of time (IP Address and port ) There is a function that rejects packets that match, and there is a vulnerability that prevents communication from a legitimate host if the source information of the wrong packet is spoofed by that of a legitimate host.From a specific source TCP Communication is interrupted for a certain period of time (DoS) It may be in a state. This issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible. Cisco PIX is a hardware firewall solution. Remote attackers may use this loophole to cause a denial of service attack on legitimate access sources. So an attacker can send a specially crafted TCP packet with a wrong checksum, setting the source/destination IP and port to a legitimate host. Once the PIX firewall receives such a message, it cannot establish a new TCP session with the credentials specified in the malicious message. The default time is 2 minutes and 2 seconds, and then it will resume normal operation. Gavrilenko has reported a vulnerability in Cisco PIX, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the firewall failing to verify the checksum of a TCP SYN packet before it is allowed through the firewall and a connection state is setup to track the half-open connection. Packets with incorrect checksum values will be silently discarded by the destination host without a RST reply. This causes the connection state to be held up to two minutes before it is cleared. In the meantime, legitimate SYN packets with the same protocol, IP addresses, and ports are discarded by the firewall. Successful exploitation allows an attacker to prevent a host from establishing connections to another host through the firewall. The vulnerability has been reported in PIX 6.3 and PIX/ASA 7.0. SOLUTION: The vendor recommends the following workaround. 1) Issue the commands "clear xlate" or "clear local-host <ip address on the higher security level interface>" to allow the firewall to pass connections again. 2) Modify the default TCP embryonic connection timeout to a lower value. e.g. 10 seconds. 3) Configure TCP Intercept to allow PIX to proxy all TCP connection attempts originated from behind any firewall interface after the first connection. This will have a performance impact. PROVIDED AND/OR DISCOVERED BY: Konstantin V. Gavrilenko, Arhont Ltd ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------