VARIoT IoT vulnerabilities database
VAR-200512-0210 | CVE-2005-4215 | Motorola SB5100E Cable Modem LanD Packet Denial Of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). Motorola cable modem is a network device that connects PC, TV, telephone, fax and other devices to the Internet through a coaxial cable.
Motorola cable modems have a denial of service vulnerability when processing TCP Land messages, which may allow an attacker to block communication to any target network service. The device must be physically restarted to resume normal operation.
This issue allows attackers to block network traffic to arbitrarily targeted network services.
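A defender-side check for the LAND condition described above, as an added example that is not part of the original database entry: it parses raw IPv4/TCP headers and flags packets whose source and destination address and port are identical with the SYN flag set. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

TCP_SYN = 0x02
IPPROTO_TCP = 6


def parse_ipv4_tcp(packet: bytes):
    """Return (src_ip, dst_ip, src_port, dst_port, flags), or None if the
    bytes are not an unfragmented IPv4 packet carrying a TCP header."""
    if len(packet) < 20:
        return None
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if version != 4 or ihl < 20:
        return None
    if packet[9] != IPPROTO_TCP:
        return None
    # Non-first fragments carry no TCP header, so ports/flags are unknown.
    frag_field = struct.unpack("!H", packet[6:8])[0]
    if frag_field & 0x1FFF:
        return None
    # Need the TCP header up to and including the flags byte (offset 13).
    if len(packet) < ihl + 14:
        return None
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_ip = socket.inet_ntoa(packet[16:20])
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]
    return src_ip, dst_ip, src_port, dst_port, flags


def is_land(packet: bytes) -> bool:
    """True when source == destination (IP and port) and SYN is set."""
    fields = parse_ipv4_tcp(packet)
    if fields is None:
        return False
    src_ip, dst_ip, src_port, dst_port, flags = fields
    return src_ip == dst_ip and src_port == dst_port and bool(flags & TCP_SYN)


def find_land(packets):
    """Return the indexes of packets in a capture that match the LAND pattern."""
    return [i for i, pkt in enumerate(packets) if is_land(pkt)]


def _sample_header(src, dst, sport, dport, flags, ip_options=b""):
    """Constructed header bytes used only as parser input (checksums left zero)."""
    ihl_words = 5 + len(ip_options) // 4
    total_len = ihl_words * 4 + 20
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total_len,
                     0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      8192, 0, 0)
    return ip + ip_options + tcp


# Constructed samples (documentation address ranges, not real traffic).
SAMPLES = [
    _sample_header("192.0.2.10", "192.0.2.10", 80, 80, 0x02),        # LAND
    _sample_header("198.51.100.7", "192.0.2.10", 51512, 80, 0x02),   # normal SYN
    _sample_header("192.0.2.10", "192.0.2.10", 4000, 80, 0x02),      # ports differ
    _sample_header("192.0.2.10", "192.0.2.10", 80, 80, 0x10),        # ACK only
    _sample_header("192.0.2.10", "192.0.2.10", 80, 80, 0x12,
                   ip_options=b"\x01\x01\x01\x01"),                  # IHL = 6
    _sample_header("192.0.2.10", "192.0.2.10", 80, 80, 0x02)[:30],   # truncated
]

if __name__ == "__main__":
    for idx in find_land(SAMPLES):
        print("LAND pattern in sample", idx, parse_ipv4_tcp(SAMPLES[idx])[:4])
```

The same predicate (source address equal to destination address on an inbound SYN) is what an upstream filter in front of an unpatched device has to drop.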
VAR-200512-0307 | CVE-2005-3661 | Dell TrueMobile 2300 Wireless Broadband Router Authentication Bypass Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuration or firmware, via a direct request to apply.cgi with the Page parameter set to adv_password.asp. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through the web-based control interface. Unauthenticated attackers can force the device to reset the administrative credentials without authorization. Once credentials have been reset an attacker can log in and perform malicious actions, potentially compromising the entire LAN behind the device. Although a dialog box appears asking for a user name and password, click "Cancel" to proceed with the attack.
SOLUTION:
The product has reportedly been discontinued and a patch will not be
issued.
PROVIDED AND/OR DISCOVERED BY:
TNull
ORIGINAL ADVISORY:
iDEFENSE:
http://www.idefense.com/application/poi/display?id=348&type=vulnerabilities
Dell TrueMobile 2300 Wireless Broadband Router Authentication Bypass
Vulnerability
iDefense Security Advisory 12.07.05
www.idefense.com/application/poi/display?id=348&type=vulnerabilities
December 7, 2005
I. BACKGROUND
The Dell TrueMobile 2300 Wireless Broadband Router is an 802.11b/g
wireless access point, wired ethernet switch and internet router. More
information can be found at the following URL:
http://support.dell.com/support/edocs/network/p57205/en/intro/index.htm
II.
The Dell TrueMobile 2300 is a wireless router and access point. (The IP is typically 192.168.2.1, and [ROUTER IP] should
be replaced by the router's actual address.)
http://[ROUTER IP]/apply.cgi?Page=adv_password.asp&action=ClearLog
Although dialog boxes for entering the username and password appear,
pressing cancel will not prevent this exploit from working.
III.
The precise cause of the error is unknown. Although there is GPL
source code available for this product, the firmware's source code
version has not been kept up to date with the binary version. As a
result, it does not directly allow the cause of the vulnerability to
be determined.
Based on analysis of the affected binary, /usr/sbin/httpd, and the
previous version of the source code it appears the cause is a logic
error involving the 'ClearLog' string being checked without first
ascertaining that the page was one where that made sense. Although
the binary appears to be largely the same code as the available source
code, there are many differences. In the binary version, the
authentication is not performed in the same order as in the source
version. It is likely that the determination of which pages to check
is now done on the basis of the 'action' variable, rather than the
previous method of using the page name.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in the
following Dell TrueMobile 2300 firmware versions:
• 3.0.0.8, dated 07/24/2003
• 5.1.1.6, dated 1/31/2004
Previous versions of this may also be affected, however it is not
clear in which version the vulnerability was introduced.
V. WORKAROUND
In order to mitigate exposure to this vulnerability from remote
attackers, employ encryption on your wireless interface, or disable it
if it is not required. The exact settings to use are dependent on your
wireless security policy. This workaround does not prevent exploitation
from the local network via wired interfaces.
VI. VENDOR RESPONSE
"The vendor is no longer selling this product and has replaced it with
newer models that do not exhibit the defect. Therefore, a patch will not
be released to address this issue."
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2005-3661 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
11/17/2005 Initial vendor notification
11/18/2005 Initial vendor response
12/07/2005 Public disclosure
IX. CREDIT
TNull is credited with the discovery of this vulnerability.
X. LEGAL NOTICES
Copyright © 2005 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@iDefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
VAR-200512-0612 | CVE-2005-4093 | Check Point VPN-1 SecureClient Security policy bypass vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint. VPN-1 SecureClient is reported prone to a policy bypass vulnerability. This issue is due to a failure of the application to securely implement remote administrator-provided policies on affected computers. Specific issues arising from this vulnerability depend on the intended policies defined by administrators. Some examples of the consequences are: unauthorized computers may connect, scripts may not execute, or insecure network configurations may be possible. Check Point's VPN-1 is a tightly integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. SecureClient is one of the client components.
TITLE:
Debian update for kernel-source-2.4.27
SECUNIA ADVISORY ID:
SA23395
VERIFY ADVISORY:
http://secunia.com/advisories/23395/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information, DoS
WHERE:
From remote
OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
DESCRIPTION:
Debian has issued an update for kernel-source-2.4.27. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of potentially sensitive information or cause a DoS
(Denial of Service), and by malicious people to cause a DoS.
For more information:
SA21563
SA21999
SA22253
SA22289
SA23361
SOLUTION:
Apply updated packages.
This check may be bypassed by users with
write-access to the file by continuously replacing it with a modified
copy.
This weakness can potentially allow the SCV (Secure Configuration
Verification) feature of the product to be bypassed, which allows
client systems that are not compliant to the organisation's security
policies to connect to the internal networks.
PROVIDED AND/OR DISCOVERED BY:
Viktor Steinmann
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html
--------------------------------------------------------------------------
Debian Security Advisory DSA 1237-1                    security@debian.org
http://www.debian.org/security/                               Dann Frazier
December 17th, 2006                     http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : kernel-source-2.4.27
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE ID : CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174
CVE-2006-5649 CVE-2006-5871
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2005-4093
Olof Johansson reported a local DoS (Denial of Service) vulnerability
on the PPC970 platform. Unprivileged users can hang the system by
executing the "attn" instruction, which was not being disabled at boot.
CVE-2006-4538
Kirill Korotaev reported a local DoS (Denial of Service) vulnerability
on the ia64 and sparc architectures. A user could cause the system to
crash by executing a malformed ELF binary due to insufficient verification
of the memory layout.
CVE-2006-4997
ADLab Venustech Info Ltd reported a potential remote DoS (Denial of
Service) vulnerability in the IP over ATM subsystem. A remote system
could cause the system to crash by sending specially crafted packets
that would trigger an attempt to free an already-freed pointer
resulting in a system crash.
CVE-2006-5174
Martin Schwidefsky reported a potential leak of sensitive information
on s390 systems. The copy_from_user function did not clear the remaining
bytes of the kernel buffer after receiving a fault on the userspace
address, resulting in a leak of uninitialized kernel memory. A local user
could exploit this by appending to a file from a bad address.
CVE-2006-5649
Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service)
vulnerability on powerpc systems. The alignment exception only
checked the exception table for -EFAULT, not for other errors. This can
be exploited by a local user to cause a system crash (panic).
CVE-2006-5871
Bill Allombert reported that various mount options are ignored by smbfs
when UNIX extensions are enabled. This includes the uid, gid and mode
options. Client systems would silently use the server-provided settings
instead of honoring these options, changing the security model. This
update includes a fix from Haroldo Gamal that forces the kernel to honor
these mount options. Note that, since the current versions of smbmount
always pass values for these options to the kernel, it is not currently
possible to activate unix extensions by omitting mount options. However,
this behavior is currently consistent with the current behavior of the
next Debian release, 'etch'.
The following matrix explains which kernel version for which architecture
fixes the problems mentioned above:

                                 Debian 3.1 (sarge)
    Source                       2.4.27-10sarge5
    Alpha architecture           2.4.27-10sarge5
    ARM architecture             2.4.27-2sarge5
    Intel IA-32 architecture     2.4.27-10sarge5
    Intel IA-64 architecture     2.4.27-10sarge5
    Motorola 680x0 architecture  2.4.27-3sarge5
    Big endian MIPS              2.4.27-10.sarge4.040815-2
    Little endian MIPS           2.4.27-10.sarge4.040815-2
    PowerPC architecture         2.4.27-10sarge5
    IBM S/390 architecture       2.4.27-2sarge5
    Sun Sparc architecture       2.4.27-9sarge5
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 3.1 (sarge)
    fai-kernels                  1.9.1sarge5
    kernel-image-2.4.27-speakup  2.4.27-1.1sarge4
    mindi-kernel                 2.4.27-2sarge4
    systemimager                 3.2.3-6sarge4
We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.
Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Size/MD5 checksum: 7486 b40d48a972ee0cb277b63a649e0d01f2
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 4678756 01467522c3106fab54cf6983a9c6487d
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 239184 cd07eff9264141e6ddbd015f5f76e99e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 240504 03b131531af57cd2f46cf8ff8ba93f45
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 239212 457102e92a389246447410ce172bbd2f
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 240498 66cc452b54b87366d7755da6693aa76c
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 4689752 b5ef21aee13412359cdb7fb5e039de74
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 242570 3dbd1ce3bbfed1c7c4aeb3de2396cf77
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium-smp_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 243234 14ed081560b4008f6e391b325b39544f
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 242366 4acf18300727b24afe4f223623e5c44d
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley-smp_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 243558 f48e9a34ea714966024f24277293d1d6
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 7262 4cc86fa5dd7f157ab7fa3747f9ac8573
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 7274 7b6dec36049b6f277b72c2c6a24dd538
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 7290 00cf535d95cb5a827d53219de9d2b0a1
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 7302 093e0825e05675fd728a7db694531f1a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 16665798 0dfd99eeb9d1c8933ec71f0cdc80a71e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 17023766 09ae0a0c0b133abe047cd50b8e09f02e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 16623970 2b70e151d5c13c89d7646dc01d28a277
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
Size/MD5 checksum: 16970478 affcf0503482e489ae8384b3d7279fce
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 16677620 d997c6d47e3592b0ab8c82917548102b
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium-smp_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 17037020 75b4b47d8ebd8cd91327cfeaf76dd0d9
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 16630570 11c5c2ea12f3cab5865b225f765d71c0
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley-smp_2.4.27-10sarge5_ia64.deb
Size/MD5 checksum: 16988538 f8b022aa39e91bccc24ab3adaab2c7aa
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_ia64.deb
Size/MD5 checksum: 22224 a4d38a63b6bd0399aa84d50d23f09cf6
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge5_m68k.deb
Size/MD5 checksum: 2642370 64f44bc3e9c3313cb7aecf789ddb51de
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge5_m68k.deb
Size/MD5 checksum: 2545710 6dcdfedd3356d0f20e7899da7a7ff2bd
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge5_m68k.deb
Size/MD5 checksum: 2396790 5d278c185e1ca1d34e65dc657cbcbe96
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge5_m68k.deb
Size/MD5 checksum: 2478704 181df694d051555f0253ff27e9f0863c
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge5_m68k.deb
Size/MD5 checksum: 2326206 033f694ed1a6acc24efb07ecdbbe125c
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge5_m68k.deb
Size/MD5 checksum: 2397324 f716f0313d88c62779569712078ae0c8
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge5_m68k.deb
Size/MD5 checksum: 2262406 c0c6fbb7a1160688f8e8c7ae97d43e9a
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_m68k.deb
Size/MD5 checksum: 16338 f9b14151760944376dfbbbfc47b73346
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-2_2.4.27-2sarge1_s390.deb
Size/MD5 checksum: 4578000 97fce93cc2ebc4da7c0a7bab1c157aef
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-3_2.4.27-2sarge5_s390.deb
Size/MD5 checksum: 4579864 fc815cfb54bdfed711c2c09fae740500
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390_2.4.27-2sarge1_s390.deb
Size/MD5 checksum: 2774574 86262b4b2bb4c6db5471c97dcc1747b4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390-tape_2.4.27-2sarge1_s390.deb
Size/MD5 checksum: 991868 a712b00ecf74c79fadeeb0f50b298618
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390x_2.4.27-2sarge1_s390.deb
Size/MD5 checksum: 2966354 5ebdd9b9fa80cdbdf0049683eaad24ee
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390_2.4.27-2sarge5_s390.deb
Size/MD5 checksum: 2782140 11029023c05ea13dc51206e74bdb2391
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390-tape_2.4.27-2sarge5_s390.deb
Size/MD5 checksum: 995678 a642f56da45718fe0a665ad1836f6112
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390x_2.4.27-2sarge5_s390.deb
Size/MD5 checksum: 2974550 749696ce8a74c220819579cb14ebff3a
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_s390.deb
Size/MD5 checksum: 19338 c86219a43c645a82ee1782d94dc6dce8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-2_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 8328 1e092e0877937ac5dbf46e347992c7d3
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-3_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 10550 164dc9869ea386fd3169864645d89a98
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 2023482 b50d08e5c4c12fff4473e77babeda1ab
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 162670 2c495f6b6e414dc24f2c676ecd84dda4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 164478 f59e33098dec7e1ff68b162aab6d56a6
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 201214 fa92988ddfba0e9f03ace13f365dfc77
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 202452 d56ab1dd8ddb9d4b10de13c37c4c4af5
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 2025304 c036f26f3bb2c1a7f1acc7588b54c389
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 164532 18adb86c0d3ce5b6424b277ce2e39794
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32-smp_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 166318 d3fa63eab9ddab3f6b5db8f385ffe458
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 202940 c03ec973495d21f03df3f156c3dc033b
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64-smp_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 204266 547fb57dd64584ee765c427d2c0554fd
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 3597102 1c5334adb92bbaf0ce96e82abcf6d77e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 3784076 3d1b5e5c3e147bf760c6077fa36eb783
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 6377902 7bd0e77ec9494b0ed352917b829fa5a0
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
Size/MD5 checksum: 6543220 a73b077777c3a22ca9538666d3ff8aee
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 3605072 14ac1e3ce17cbf64bfd7a61f520cf494
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32-smp_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 3792788 38ef858c0ff9158cf44590782f5664e0
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 6385736 5dfaf6a6a6e5a809a38458ef79661d3b
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64-smp_2.4.27-9sarge5_sparc.deb
Size/MD5 checksum: 6550182 97b6ef3ce231c448687bf357daae4faf
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_sparc.deb
Size/MD5 checksum: 18200 1465507e83184c1c32b2015530dc39c9
AMD64 architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_amd64.deb
Size/MD5 checksum: 17252 8c0ddf9b2b2c5f7ac695d7f10af7aeb5
HP Precision architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_hppa.deb
Size/MD5 checksum: 19334 22608a5cbf78b9dfb49a91685513485e
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-2_mips.deb
Size/MD5 checksum: 4681544 e5ad300c16978417dfdb04a55b3cf505
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge4.040815-2_mips.deb
Size/MD5 checksum: 3854770 6fb17fc57af59997c55dc5d15fe86324
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge4.040815-2_mips.deb
Size/MD5 checksum: 3857642 135e1590f21c14db5765422dadd03571
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-2_mips.deb
Size/MD5 checksum: 7186300 c841f01587ec79fc411bda056d663a04
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_mips.deb
Size/MD5 checksum: 20448 02fd1e80e83a5c3e7b6b16832b77cc26
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 4686676 eb7e81b8a3a6829252a02251aed92b08
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 3037974 ea0208a51612c1e34a6aa60410d21c3d
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 2999656 ec0c25c38b5e7a8a65142bbc52b8220d
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 4107630 deefd96c7f6b2e3e954c98284d367e61
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 2141986 e3ea6afd27d393fcdf6b20a755fa7a41
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 7048130 dd624bc0af5d1e39be9084a58ad575d5
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 4677566 6179a00efde69e2bef158f584b667bc9
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_mipsel.deb
Size/MD5 checksum: 20488 41476ba7fba16f7453c72fad3ac7279a
PowerPC architecture:
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 143604 dbd3e6559ab4d24640e78fa5096b8d4d
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 143402 0ac835db06b6feb1b662ffe7cee6b1ca
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 157358 df24d8751cee33c2ec3490fe3c58aab5
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 157652 f95e05ad17a85a314f36ad794231bd19
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 157408 19f3fa73f641f93a734b5a0c1d92800a
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 4684386 33f89f6ff68d4697590dc56da8f5c85b
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 4694600 0d7e24209c0c22ad726ddc7d2046f5e4
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 4802248 dc4bb7170432243f61d1ccf10820518f
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 2502696 794593451ab3047561014f148290650c
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 1819296 026d70d2989c1f5345280777f8430d33
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 13486360 c02196059ed6f7103d6faa2a45320828
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 12759400 e9108a2f987765ff915435b199bda15e
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 13792416 3af28a8ab21e298043311c0e15b19184
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 65868 b0f73596dd19e6c41d0fa64f5c3d7e22
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 11006 c537fc249b24e8d4c57165e6f4d6ad5a
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
Size/MD5 checksum: 10928 11f29b35752d4f50ea28b345001efb2b
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_powerpc.deb
Size/MD5 checksum: 18902 a8338f398511cd07bd619b812f18d76b
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
VAR-200512-0016 | CVE-2005-2931 | Ipswitch Collaboration component SMTP Format string processing vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in a format-specifier argument to a formatted printing function.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected application.
TITLE:
Ipswitch IMail Server IMAP and SMTP Service Two Vulnerabilities
SECUNIA ADVISORY ID:
SA17863
VERIFY ADVISORY:
http://secunia.com/advisories/17863/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Ipswitch Collaboration Suite (ICS) 2.x
http://secunia.com/product/5167/
IMail Server 8.x
http://secunia.com/product/3048/
DESCRIPTION:
Two vulnerabilities have been reported in IMail Server, which can be
exploited by malicious users to cause a DoS (Denial of Service) and
to compromise a vulnerable system.
2) An error exists in the IMAP4D32 service when handling user
supplied arguments passed to the IMAP LIST command. This can be
exploited by a logon user to cause a memory dereferencing error,
which crashes the IMAP service by supplying an argument of
approximately 8000 bytes to the command.
The vulnerabilities have been reported in IMail Server version 8.20.
Other versions prior to 8.22 may also be affected.
SOLUTION:
Update to the fixed versions.
IMail Server 8.20:
Update to version 8.22.
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Ipswitch Collaboration Suite 2.0:
Update to version 2.02.
http://www.ipswitch.com/support/ics/updates/ics202.asp
PROVIDED AND/OR DISCOVERED BY:
1) Nico
2) Sebastian Apelt
ORIGINAL ADVISORY:
http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
I. BACKGROUND
Ipswitch Collaboration Suite provides e-mail and real-time
collaboration, calendar and contact list sharing, and protection from
spam and viruses, all delivered in an easy to use suite.
http://www.ipswitch.com/products/collaboration/index.asp
II. All of the commands are handled by the same function which
parses user-supplied input strings. The following debugger session
shows a backtrace with user-supplied strings as values. With properly
constructed input value, the strings would be interpreted as memory
addresses that would be executed upon returning from the current
function.
[..]
00A7F370 006020A0
00A7F374 00A7F634 ASCII 5B,"192.168.242.1] MAIL
FROM:C:\apps\Ipswitch\Collaboration
Suite\IMail\spool\T94e8013e00000005"
00A7F378 00000000
00A7F37C 00000000
00A7F380 7C34FC0B RETURN to MSVCR71.7C34FC0B from MSVCR71.write_char
00A7F384 00602048
00A7F388 00A7F648 ASCII 20,"FROM:C:\apps\Ipswitch\Collaborat"
[..]
III. Ipswitch
mail services are commonly configured to allow untrusted access. The
use of a firewall or other mitigating strategy is highly recommended
due to the nature of this vulnerability. The IMail SMTP server is
installed by default.
IV.
V. WORKAROUND
iDEFENSE is currently unaware of any effective workarounds for this
issue. Access to the affected host should be filtered at the network
boundary if global accessibility is not required. Restricting access to
only trusted hosts and networks may reduce the likelihood of
exploitation.
VI. VENDOR RESPONSE
Ipswitch Collaboration Suite 2.02 has been released to address this
issue and is available for download at:
http://www.ipswitch.com/support/ics/updates/ics202.asp
IMail Server 8.22 has been released to address this issue and is
available for download at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-2931 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
09/08/2005 Initial vendor notification
09/13/2005 Initial vendor response
10/06/2005 Coordinated public disclosure
IX. CREDIT
iDEFENSE credits Nico with the discovery of this vulnerability.
Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events
http://labs.idefense.com
X. LEGAL NOTICES
Copyright © 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
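The bug class described in this entry, as an added example that is not from the advisory and is not IMail's code: a log helper that passes client data as the format argument, its fixed-format replacement, and a heuristic screen for printf-style conversions in the arguments of the listed commands. The "[peer] command" line shape follows the string visible in the debugger session; the function names, the threshold of two conversions and the sample lines are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Commands the advisory lists; "MAIL" also covers "MAIL FROM". */
static const char *const AFFECTED_VERBS[] = { "EXPN", "MAIL", "RCPT TO" };
/* Assumed threshold: a single conversion can be a legitimate percent-routed address. */
#define MIN_CONVERSIONS 2

struct fmt_stats { int conversions; int writes; };

#ifdef SHOW_VULNERABLE_FORM /* shown for comparison, not compiled by default */
int log_smtp_line_unsafe(char *out, size_t n, const char *peer, const char *line)
{
    char fmt[1024];
    snprintf(fmt, sizeof fmt, "[%s] %s", peer, line); /* client data lands in fmt */
    return snprintf(out, n, fmt);                      /* and is parsed as a format */
}
#endif

/* Hardened form: the format is a constant, client data is only ever an argument. */
int log_smtp_line(char *out, size_t n, const char *peer, const char *line)
{
    return snprintf(out, n, "[%s] %s", peer, line);
}

/* Returns the conversion character of the spec at p (p[0] == '%'), or 0 if none. */
static char conversion_at(const char *p)
{
    p++;                                                   /* skip '%' */
    while (*p && strchr("-+ #0", *p)) p++;                 /* flags */
    while (isdigit((unsigned char)*p) || *p == '*' || *p == '$') p++; /* width, n$ */
    if (*p == '.') {                                       /* precision */
        p++;
        while (isdigit((unsigned char)*p) || *p == '*') p++;
    }
    while (*p && strchr("hlLqjzt", *p)) p++;               /* length modifiers */
    return (*p && strchr("diouxXeEfFgGaAcspn", *p)) ? *p : 0;
}

/* Counts conversions in s; "%%" is a literal percent and is skipped. */
struct fmt_stats scan_directives(const char *s)
{
    struct fmt_stats st = { 0, 0 };
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        char c = conversion_at(s);
        if (c) {
            st.conversions++;
            if (c == 'n') st.writes++;                     /* memory-writing conversion */
        }
    }
    return st;
}

/* Case-insensitive prefix match against an upper-case verb. */
static int has_verb(const char *line, const char *verb)
{
    for (; *verb; verb++, line++)
        if (toupper((unsigned char)*line) != *verb) return 0;
    return 1;
}

/* 1 if the line uses a listed command and its argument looks like a format string. */
int screen_smtp_line(const char *line)
{
    size_t i;
    for (i = 0; i < sizeof AFFECTED_VERBS / sizeof AFFECTED_VERBS[0]; i++) {
        if (!has_verb(line, AFFECTED_VERBS[i])) continue;
        struct fmt_stats st = scan_directives(line + strlen(AFFECTED_VERBS[i]));
        return st.writes > 0 || st.conversions >= MIN_CONVERSIONS;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not captured traffic. */
    static const char *const samples[] = {
        "MAIL FROM:<alice@example.org>",
        "RCPT TO:<bob%example.net@relay.example.org>",   /* percent-routed: one "%e" */
        "EXPN %x%x%x%x",
        "mail from:<%08x.%08x@example.org>",
    };
    char buf[256];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_smtp_line(buf, sizeof buf, "192.0.2.10", samples[i]);
        printf("%-10s %s\n", screen_smtp_line(samples[i]) ? "SUSPICIOUS" : "ok", buf);
    }
    return 0;
}
```

The screen is a triage aid for logs or a filtering proxy in front of an unpatched server; the fix itself is the constant format string, which the vendor updates listed above are expected to provide.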
VAR-200512-0015 | CVE-2005-2923 | Ipswitch IMail IMAP LIST Command Remote Denial of Service Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
Successful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system.
Ipswitch IMail IMAP List Command DoS Vulnerability
iDEFENSE Security Advisory 12.06.05
www.idefense.com/application/poi/display?id=347&type=vulnerabilities
December 6, 2005
I. BACKGROUND
Ipswitch Imail Server is an email server that is part of the IpSwitch
Collaboration suite. Imail supports POP3, SMTP, IMAP and web based email
access. More information can be located on the vendor's site at:
http://www.ipswitch.com/Products/collaboration/index.html
II.
The problem specifically exists in handling long arguments to the LIST
command. When a LIST command of approximately 8000 bytes is supplied,
internal string parsing routines can be manipulated in such a way as to
reference non-allocated sections of memory. This parsing error results
in an unhandled access violation, forcing the daemon to exit.
III. The LIST command is only available
post authentication and therefore valid credentials are required to
exploit this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch
IMail 8.2.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring
that only trusted users have accounts can mitigate the risk somewhat. As
a more effective workaround, consider limiting access to the IMAP server
by filtering TCP port 143. If possible, consider disabling IMAP and
forcing users to use POP3.
VI. VENDOR RESPONSE
Ipswitch Collaboration Suite 2.02 has been released to address this
issue and is available for download at:
http://www.ipswitch.com/support/ics/updates/ics202.asp
IMail Server 8.22 Patch has been released to address this issue and is
available for download at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-2923 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
09/08/2005 Initial vendor notification
09/13/2005 Initial vendor response
10/06/2005 Coordinated public disclosure
IX. CREDIT
Sebastian Apelt is credited with discovering this vulnerability.
1) A format string error exists in the SMTPD32 service when parsing
arguments supplied to the "expn", "mail", "mail from", and "rcpt to"
commands. This can be exploited to execute arbitrary code via
specially crafted arguments sent to the affected commands.
The vulnerabilities have been reported in IMail Server version 8.20.
Other versions prior to 8.22 may also be affected.
SOLUTION:
Update to the fixed versions.
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Ipswitch Collaboration Suite 2.0:
Update to version 2.02.
http://www.ipswitch.com/support/ics/updates/ics202.asp
PROVIDED AND/OR DISCOVERED BY:
1) Nico
2) Sebastian Apelt
ORIGINAL ADVISORY:
http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities
VAR-200512-0471 | CVE-2005-4006 | SAPID CMS Verification bypass vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php. This issue is due to a failure in the application to perform proper authentication on user credentials before granting access to privileged scripts.
An attacker can exploit this vulnerability to access privileged scripts without requiring authentication credentials
VAR-200512-0611 | CVE-2005-4092 | Apple QuickTime fails to properly handle corrupt media files |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple has released QuickTime 7.0.4, a version that fixes multiple vulnerabilities. A remote third party may execute arbitrary code or cause a denial of service (DoS). For more information, see the information provided by the vendor.
These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats.
Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software.
This issue may be triggered when the application processes a malformed movie (.MOV) file.
Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user.
This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts.
This specific flaw exists within the QuickTime.qts file which many
applications access QuickTime's functionality through. By specially
crafting atoms within a movie file, a direct heap overwrite is
triggered, and reliable code execution is then possible.
Technical Details:
Technical Description:
The code in QuickTime.qts responsible for the size of the Sample
Description Table entries from the 'stsd' atom in a QuickTime-format
movie on the heap. According to developer.apple.com, the format of the
Sample Description Atom is as follows:
Field                                Description
----------------------------------------------------------------
Size                                 32-bit int
Data Format                          4 char code
Reserved                             6 bytes that must be 0
Data Reference Index                 16-bit int
Hint Track Version                   16-bit unsigned int
Last compatible hint track version   16-bit unsigned int
Max Packet Size                      32-bit int
Additional Data Table                Variable
Setting the size of the Sample Description Table to a value of 00 15 -
00 D0 will cause a heap-based overflow. By supplying the "Last
compatible hint track version" field with the value of 00 05 - 00 09, an
insufficiently-sized heap block will be allocated, resulting in a
classic complete heap memory overwrite during the RtlAllocateHeap()
function, and the attacker can control memory with data taken from the
filename of the .MOV file. This vulnerability can be successfully
exploited via an embedded media player in an HTML page, email, or HTML
link.
References
QuickTime: QuickTime File Format
http://developer.apple.com/documentation/QuickTime/QTFF/index.html
Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Vendor Status:
Apple has released a patch for this vulnerability. The patch is
available via the Updates section of the affected applications.
This vulnerability has been assigned the CVE identifier CVE-2005-4092.
Credit:
Discovery: Karl Lynn
Greetings:
0x41414141
Copyright (c) 1998-2006 eEye Digital Security
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006
Last revised: January 11, 2006
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple
vulnerabilities. The impacts of these vulnerabilities include
execution of arbitrary code and denial of service.
I.
(CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 11, 2006: Initial release
VAR-200512-0526 | CVE-2005-3989 | Avaya TN2602AP IP Media Resource 320 Remote Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. Avaya TN2602AP IP Media Resource 320 is prone to a remote denial of service vulnerability.
A successful attack can result in a memory leak and lead to a denial of service condition due to a crash.
Avaya TN2602AP IP Media Resource 320 versions prior to vintage 9 firmware are vulnerable to this issue.
The vulnerability is caused due to an unspecified error. This can be
exploited to cause memory leaks, which can potentially cause a DoS
via specially crafted packets.
SOLUTION:
Update to vintage 9 firmware.
http://support.avaya.com/japple/css/japple?temp.documentID=236667&temp.productID=136527&temp.releaseID=228560&temp.bucketID=108025&PAGE=Document#TN2602
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf
VAR-200511-0187 | CVE-2005-3886 | Cisco Security Agent Unknown local protection bypass and privilege elevation vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. This issue only affects computers running affected versions of Cisco Security Agent on the Microsoft Windows platform.
Further details are not currently available; this BID will be updated as information becomes available. Cisco Security Agent adopts behavior-based evaluation criteria to identify and protect servers and terminal computers, instead of relying only on signature matching for analysis and identification, successfully solving the security risks brought by unknown viruses.
The vulnerability is caused due to an unspecified error in CSA on the
Windows platform. This can be exploited by malicious users to gain
SYSTEM privileges on a vulnerable system.
The vulnerability has been reported in the following versions:
* Cisco CSA version 4.5.0 (all builds) managed and standalone
agents.
* Cisco CSA version 4.5.1 (all builds) managed and standalone
agents.
* Cisco CSA version 4.5.0 (build 573) for CallManager.
* Cisco CSA version 4.5.1 (build 628) for CallManager.
* Cisco CSA version 4.5.1 (build 616) for Intelligent Contact
Management (ICM), IPCC Enterprise, and IPCC Hosted.
* Cisco CSA version 4.5.0 (build 573) for Cisco Voice Portal (CVP)
3.0 and 3.1.
SOLUTION:
Update to version 4.5.1.639.
Management Center for Cisco Security Agents:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa
CSA for CallManager:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des
CSA for ICM, IPCC Enterprise, and IPCC Hosted:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa10-crypto
CSA for CVP 3.0 and 3.1:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa-cvp-20
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml
VAR-200511-0198 | CVE-2005-3897 | Apple Safari Javascript BODY Event denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. Safari is prone to a denial-of-service vulnerability. Apple Safari is a web browser software
VAR-200511-0152 | CVE-2005-3921 | Cisco IOS HTTP Server Vulnerabilities in arbitrary command insertion |
Related entries in the VARIoT exploits database: VAR-E-200511-0416 |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. The HTTP server included in Cisco IOS does not properly sanitize its output when displaying web pages that are generated dynamically from the results of commands such as the show buffers memory dump, so there is a vulnerability that allows arbitrary commands to be inserted. An arbitrary command may be executed and, as a result, administrator privileges may be obtained. Cisco IOS HTTP service is prone to an HTML-injection vulnerability.
An attacker can submit malicious HTML and script code through the '/level/15/exec/-/buffers/assigned' and '/level/15/exec/-/buffers/all' scripts. This code may run in the browser of an administrator when they attempt to view the contents of memory buffers through the vulnerable scripts of the HTTP service.
IOS 11.0 through 12.4 are affected. IOS XR is not vulnerable.
This issue is documented by Cisco Bug ID CSCsc64976.
NOTE: Since this is an HTML-injection vulnerability that targets users of the IOS web interface, devices with the HTTP service disabled are not affected. The attacker can also run arbitrary commands on a vulnerable device.
Successful exploits may allow the attacker to manipulate routing information, create accounts, and access all other functionality available to administrators.
The vulnerability is caused due to the memory dump feature of the
HTTP server not properly sanitising the data in received packets
before displaying them to the user in a HTML formatted page when the
user views the "/level/15/exec/-/buffers/assigned/dump" link. This
can be exploited to execute arbitrary script code in a user's browser
session when the user views a memory dump containing malicious
Javascript/HTML code from a received packet, e.g. to change
the "enable" password by injecting HTML code that requests the
"/level/15/configure/-/enable/secret/" link.
SOLUTION:
Disable active scripting when viewing memory dumps.
PROVIDED AND/OR DISCOVERED BY:
Hugo Vazquez Carames
ORIGINAL ADVISORY:
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html
.
The vulnerability is related to:
SA17780
The vulnerability has been reported in IOS 11.2(8.11)SA6.
SOLUTION:
Update to Cisco IOS 12.
Alternatively, disable CDP functionality if it is not required, or
disable the web administration interface
VAR-200511-0220 | CVE-2005-3821 | vTiger CRM Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0223 | CVE-2005-3824 | vTiger CRM uploads Module allows uploading arbitrary file vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0222 | CVE-2005-3823 | vTiger CRM Users Remote module free PHP Code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0221 | CVE-2005-3822 | vTiger CRM Multiple SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0218 | CVE-2005-3819 |
vTiger CRM Multiple SQL Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-200511-0129 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible.
Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project.
An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from local resources.
This can further be exploited to include and execute arbitrary PHP
code injected into the "vtigercrm.log" log file.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0217 | CVE-2005-3818 |
vTiger CRM Multiple cross-site scripting vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200511-0131, VAR-E-200511-0130 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting and local file include vulnerabilities.
An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible.
Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project.
An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from local resources.
This can further be exploited to include and execute arbitrary PHP
code injected into the "vtigercrm.log" log file.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0219 | CVE-2005-3820 | VTiger CRM Multiple Input Validation Vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting and local file include vulnerabilities.
An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible.
Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project.
An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0342 | CVE-2005-3786 | Novell ZENworks remote diagnosis Console One Unauthorized access vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. Novell ZENworks Remote Diagnostics is prone to an unauthorized access vulnerability.
This vulnerability may facilitate disclosure of sensitive data and may aid in other attacks against a vulnerable computer.
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972567.htm
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm
VAR-200511-0294 | CVE-2005-3774 | Cisco PIX fails to verify TCP checksum |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco PIX 6.3 and 7.0 allow remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. When the Cisco PIX Firewall processes an invalid TCP SYN packet, it rejects packets that match that packet's source and destination information (IP address and port) for a certain period of time. If the source information of the invalid packet is spoofed to be that of a legitimate host, communication from that legitimate host is blocked. TCP communication from a specific source may be interrupted for a certain period of time (DoS).
This issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible. Cisco PIX is a hardware firewall solution. Remote attackers may use this vulnerability to cause a denial of service against legitimate sources. An attacker can send a specially crafted TCP packet with a wrong checksum, with the source/destination IP and port set to those of a legitimate host. Once the PIX firewall receives such a packet, it cannot establish a new TCP session with the addresses and ports specified in the malicious packet. The default time is 2 minutes and 2 seconds, and then it will resume normal operation.
Gavrilenko has reported a vulnerability in Cisco PIX,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused by the firewall failing to verify the
checksum of a TCP SYN packet before it is allowed through the firewall
and a connection state is set up to track the half-open connection.
Packets with incorrect checksum values will be silently discarded by
the destination host without a RST reply. This causes the connection
state to be held up to two minutes before it is cleared. In the
meantime, legitimate SYN packets with the same protocol, IP
addresses, and ports are discarded by the firewall.
Successful exploitation allows an attacker to prevent a host from
establishing connections to another host through the firewall.
The vulnerability has been reported in PIX 6.3 and PIX/ASA 7.0.
SOLUTION:
The vendor recommends the following workaround.
1) Issue the commands "clear xlate" or "clear local-host <ip address
on the higher security level interface>" to allow the firewall to
pass connections again.
2) Modify the default TCP embryonic connection timeout to a lower
value, e.g. 10 seconds.
3) Configure TCP Intercept to allow PIX to proxy all TCP connection
attempts originated from behind any firewall interface after the
first connection. This will have a performance impact.
PROVIDED AND/OR DISCOVERED BY:
Konstantin V. Gavrilenko, Arhont Ltd
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html