VARIoT IoT vulnerabilities database
| VAR-200809-0187 | CVE-2008-3613 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. An attacker with access to the local network can cause the Finder to quit immediately after launching.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0185 | CVE-2008-3611 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. If the user walks away from the machine while the error message is still being displayed, a user with access to the login credentials can reset the password.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0183 | CVE-2008-3609 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0184 | CVE-2008-3610 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. To trigger this vulnerability, the system must enable the Guest account or other accounts with empty passwords. In a small number of attempts, logins to these accounts could not be completed, and the user list was displayed again, at which point the attacker could log in as any user without supplying a password. If the original account is Guest, the content of the new account will be deleted when you log out.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0182 | CVE-2008-3608 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. Viewing very large JPEG graphics can lead to unexpected application termination or arbitrary code execution.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0188 | CVE-2008-3614 | Multiple PHP XML-RPC implementations vulnerable to code injection |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.
Versions prior to QuickTime 7.5.5 are affected.
NOTE: Two issues that were previously covered in this BID were given their own records to better document the details:
- CVE-2008-3626 was moved to BID 31546 ('Apple QuickTime 'STSZ' Atoms Memory Corruption Vulnerability')
- CVE-2008-3629 was moved to BID 31548 ('Apple QuickTime PICT Denial of Service Vulnerability'). Apple QuickTime is a very popular multimedia player. iDefense Security Advisory 09.09.08
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 09, 2008
I. BACKGROUND
Quicktime is Apple's media player product, and is used to render video
and other media. The PICT file format was developed by Apple Inc. in
1984. PICT files can contain both object oriented images and bitmaps.
For more information visit the vendor's web site at the following URL.
http://www.apple.com/quicktime/
II. This issue results in heap corruption
which can lead to arbitrary code execution.
III. ANALYSIS
Exploitation of this issue results in arbitrary code execution in the
security context of the current user. An attacker would need to host a
web page containing a malformed PICT file. Upon visiting the malicious
web page exploitation would occur. Alternatively a malicious PICT file
could be attached to an e-mail.
IV. Older versions are also suspected to be
vulnerable.
V. WORKAROUND
iDefense recommends disabling the QuickTime Plug-in and altering the
.pic and .pict file type associations within the registry. Disabling
the plug-in will prevent web browsers from utilizing QuickTime Player
to view associated media files. Removing the file type associations
within the registry will prevent QuickTime Player and Picture Viewer
from opening .pic and .pict files.
VI. VENDOR RESPONSE
Apple has released QuickTime 7.5.5 which resolves this issue. More
information is available via Apple's QuickTime Security Update page at
the URL shown below.
http://support.apple.com/kb/HT3027
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-3614 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
05/13/2008 Initial vendor notification
05/22/2008 Initial vendor response
09/09/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor
| VAR-200809-0013 | CVE-2008-2312 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0009 | CVE-2008-2332 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0008 | CVE-2008-2331 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. After hitting the lock key, changes to filesystem shares and permissions take effect but are not displayed.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0007 | CVE-2008-2330 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue.". Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. The advisory also contains security updates for 17 previously reported issues.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200809-0006 | CVE-2008-2329 | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. The advisory also contains security updates for 17 previously reported issues. If wildcard characters are provided in the Username field, a list of Active Directory usernames will be displayed.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200807-0283 | CVE-2008-2303 | Multiple PHP XML-RPC implementations vulnerable to code injection |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apple iPhone and iPod touch are prone to multiple remote vulnerabilities:
1. A vulnerability that may allow users to spoof websites.
2. An information-disclosure vulnerability.
3. A buffer-overflow vulnerability.
4. Two memory-corruption vulnerabilities.
Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.
These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200807-0061 | CVE-2008-1589 | Multiple PHP XML-RPC implementations vulnerable to code injection |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server cerficate without the user's explicit concent when connecting via SSL/TLS. According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt." Hiromitsu Takagi reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.This vulnerability could be exploited to conduct a man-in-the-middle attack. As a result, this may lead to the disclosure of sensitive information. Apple iPhone and iPod touch are prone to multiple remote vulnerabilities:
1. A vulnerability that may allow users to spoof websites.
2. An information-disclosure vulnerability.
3. A buffer-overflow vulnerability.
4. Two memory-corruption vulnerabilities.
Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.
These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200807-0012 | CVE-2008-2317 | Multiple PHP XML-RPC implementations vulnerable to code injection |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. Apple iPhone and iPod touch are prone to multiple remote vulnerabilities:
1. A vulnerability that may allow users to spoof websites.
2. An information-disclosure vulnerability.
3. A buffer-overflow vulnerability.
4. Two memory-corruption vulnerabilities.
Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.
These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-045
July 25, 2008
-- CVE ID:
CVE-2008-2317
-- Affected Vendors:
Apple
-- Affected Products:
Apple Safari
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6146.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT2351
-- Disclosure Timeline:
2008-05-13 - Vulnerability reported to vendor
2008-07-25 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com
| VAR-200806-0425 | CVE-2008-2307 | Apple Safari contains a memory corruption issue in the handling of JavaScript arrays by WebKit |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple Safari WebKit is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks when handling user-supplied input. Failed exploit attempts will result in a denial-of-service condition. Safari is the web browser bundled by default in the Apple family operating system. Safari's WebKit has a buffer overflow vulnerability when processing JavaScript arrays. If the user is tricked into visiting a malicious site, this overflow can be triggered, resulting in denial of service or execution of arbitrary instructions.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200804-0038 | CVE-2008-1025 | Apple Safari WebKit fails to properly handle a crafted URL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute script in the context of another site.. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
Attackers may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
This issue affects versions prior to Apple Safari 3.1.1 running on the following platforms:
Mac OS X 10.4.11
Mac OS X 10.5.2
Windows XP
Windows Vista. Safari is the WEB browser bundled with the Apple family operating system by default.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200804-0039 | CVE-2008-1026 | Multiple PHP XML-RPC implementations vulnerable to code injection |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. Apple Safari is prone to a buffer-overflow vulnerability. Other attacks are also possible.
This issue affects versions prior to Apple Safari 3.1.1 running on the following platforms:
Mac OS X v10.4.11
Mac OS X Server v10.4.11
Mac OS X v10.5.2
Mac OS X Server v10.5.2
Windows XP
Windows Vista. Safari is the WEB browser bundled with the Apple family operating system by default.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-022
April 16, 2008
-- CVE ID:
CVE-2008-1026
-- Affected Vendors:
Apple
-- Affected Products:
Apple Safari
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6031.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT1467
-- Disclosure Timeline:
2008-03-27 - Vulnerability reported to vendor
2008-04-16 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Charlie Miller, Jake Honoroff and Mark Daniel
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
| VAR-200803-0016 | CVE-2008-0050 | Multiple PHP XML-RPC implementations vulnerable to code injection |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
An attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible.
NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200801-0204 | CVE-2008-0226 | Multiple PHP XML-RPC implementations vulnerable to code injection |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. yaSSL is prone to multiple remote buffer-overflow vulnerabilities. Failed attacks will cause denial-of-service conditions.
yaSSL 1.7.5 is vulnerable to these issues; other versions are also likely to be affected. # MySQL yaSSL SSL Hello Message Buffer Overflow 1. Vulnerability introduction and analysis yaSSL is an open source software package used to implement SSL. There are multiple remote overflow and invalid memory access issues in the yaSSL implementation, and remote attackers may take advantage of this vulnerability to control the server. The yaSSL (1.7.5 and earlier) implementation to Stack Buffer Overflow is bundled with MySQL <= 6.0. Code analysis: The buffer structure used to contain the data in the Hello message received by the client is as follows (from yassl_imp.hpp): class ClientHello : public HandShakeBase { ProtocolVersion client_version_; Random random_; uint8 id_len_; // session id length opaque session_id_[ID_LEN]; uint16 suite_len_; // cipher suite length opaque cipher_suites_[MAX_SUITE_SZ]; uint8 comp_len_; // compression length CompressionMethod compression_methods_; ... Here ID_LEN length is 32 units, MAX_SUITE_SZ is 64, RAN_LEN (RANd_LEN) 32. If an old version of the Hello message is received, the called ProcessOldClientHello function does not perform the necessary checks to limit the amount of data filling the above three fields, resulting in a buffer overflow vulnerability. The following is the vulnerable code in handshake.cpp: void ProcessOldClientHello(input_buffer& input, SSL& ssl) ... ClientHello ch; ... for (uint16 i = 0; i < ch.
Sergei Golubchik found that MySQL did not properly validate optional
data or index directory paths given in a CREATE TABLE statement; as
well it would not, under certain conditions, prevent two databases
from using the same paths for data or index files. This could allow
an authenticated user with appropriate privilege to create tables in
one database to read and manipulate data in tables later created in
other databases, regardless of GRANT privileges (CVE-2008-2079).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
56e59e5a7413ca900767afa20480fff5 2007.1/i586/libmysql15-5.0.45-8.2mdv2007.1.i586.rpm
c11348f9b60a3fb153cf07a7b2e22502 2007.1/i586/libmysql-devel-5.0.45-8.2mdv2007.1.i586.rpm
a60fca42161427ed528a6a1fd58c61e3 2007.1/i586/libmysql-static-devel-5.0.45-8.2mdv2007.1.i586.rpm
a6c4108497edb6cd0d7f723ca5f81c1f 2007.1/i586/mysql-5.0.45-8.2mdv2007.1.i586.rpm
62b091bfed614ed2be0e9f1dabc00e6e 2007.1/i586/mysql-bench-5.0.45-8.2mdv2007.1.i586.rpm
65c4cbcbaa11ad0fd5521ff9821a0e71 2007.1/i586/mysql-client-5.0.45-8.2mdv2007.1.i586.rpm
6cafb4fc0190c3d8c301737cc1b2d584 2007.1/i586/mysql-common-5.0.45-8.2mdv2007.1.i586.rpm
ab7ff6bc5ed1e3add97e87eadffdf7d0 2007.1/i586/mysql-max-5.0.45-8.2mdv2007.1.i586.rpm
0c0d3817061fed8a9495b976e9aad4f6 2007.1/i586/mysql-ndb-extra-5.0.45-8.2mdv2007.1.i586.rpm
e180f9184b397c76f121fa2cbcc249ee 2007.1/i586/mysql-ndb-management-5.0.45-8.2mdv2007.1.i586.rpm
11f6b6b340ec050489117a31ba1ada7b 2007.1/i586/mysql-ndb-storage-5.0.45-8.2mdv2007.1.i586.rpm
27d5c830d808a9198b5a3234ab635c31 2007.1/i586/mysql-ndb-tools-5.0.45-8.2mdv2007.1.i586.rpm
0b18a06428b4c5351ea19433a18ba44b 2007.1/SRPMS/mysql-5.0.45-8.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
861ae8a12d105c0537345f4b1b6364a6 2007.1/x86_64/lib64mysql15-5.0.45-8.2mdv2007.1.x86_64.rpm
74995c774432f4acacf682d14b738bae 2007.1/x86_64/lib64mysql-devel-5.0.45-8.2mdv2007.1.x86_64.rpm
5453d884b0edf40606bd78e62aef8101 2007.1/x86_64/lib64mysql-static-devel-5.0.45-8.2mdv2007.1.x86_64.rpm
ef7ab96c6a492dad1a5f1463eaf5568b 2007.1/x86_64/mysql-5.0.45-8.2mdv2007.1.x86_64.rpm
e6527ea8482a7928095a2d1d24953ad6 2007.1/x86_64/mysql-bench-5.0.45-8.2mdv2007.1.x86_64.rpm
896ed2418af55577669d67b2b110fded 2007.1/x86_64/mysql-client-5.0.45-8.2mdv2007.1.x86_64.rpm
9cfc765f29d39220862dd8b38a7baddb 2007.1/x86_64/mysql-common-5.0.45-8.2mdv2007.1.x86_64.rpm
f738941dbf2fb982e5f91ad1f5b8dd99 2007.1/x86_64/mysql-max-5.0.45-8.2mdv2007.1.x86_64.rpm
604b3cda2222cc031819c1a76f64974e 2007.1/x86_64/mysql-ndb-extra-5.0.45-8.2mdv2007.1.x86_64.rpm
944f87e17f3a30a41392b57005b3866d 2007.1/x86_64/mysql-ndb-management-5.0.45-8.2mdv2007.1.x86_64.rpm
abe714a023e8019dc2379f38a10287c6 2007.1/x86_64/mysql-ndb-storage-5.0.45-8.2mdv2007.1.x86_64.rpm
60585f5c00ea687c710da9bf8dc620b0 2007.1/x86_64/mysql-ndb-tools-5.0.45-8.2mdv2007.1.x86_64.rpm
0b18a06428b4c5351ea19433a18ba44b 2007.1/SRPMS/mysql-5.0.45-8.2mdv2007.1.src.rpm
Mandriva Linux 2008.0:
32915a44b313f9752d53864929acacef 2008.0/i586/libmysql15-5.0.45-8.2mdv2008.0.i586.rpm
886f68f93c90d168f0f376f2bdf19dfe 2008.0/i586/libmysql-devel-5.0.45-8.2mdv2008.0.i586.rpm
05d52109e0e751d6ecb330361f0c49b1 2008.0/i586/libmysql-static-devel-5.0.45-8.2mdv2008.0.i586.rpm
c2d269602985c48dbfaa56edbb2089a5 2008.0/i586/mysql-5.0.45-8.2mdv2008.0.i586.rpm
fe5a49a0dbcf5b5b862fa15c697ec734 2008.0/i586/mysql-bench-5.0.45-8.2mdv2008.0.i586.rpm
5d9e574e07b13db1e98ac5084ef24c52 2008.0/i586/mysql-client-5.0.45-8.2mdv2008.0.i586.rpm
c3a73f6ba9467995e4eeeb2994987e8c 2008.0/i586/mysql-common-5.0.45-8.2mdv2008.0.i586.rpm
faca35a011bd9e95c3aded56c498efe7 2008.0/i586/mysql-max-5.0.45-8.2mdv2008.0.i586.rpm
ae5bece63ecfacd37582c68288e146a6 2008.0/i586/mysql-ndb-extra-5.0.45-8.2mdv2008.0.i586.rpm
6948d8799ff1e8e9ae3908dcfdfafc2a 2008.0/i586/mysql-ndb-management-5.0.45-8.2mdv2008.0.i586.rpm
11566a84793e2eb8b2e55fe28d89b918 2008.0/i586/mysql-ndb-storage-5.0.45-8.2mdv2008.0.i586.rpm
7e8e44013f0de7b0cd2c527da9202985 2008.0/i586/mysql-ndb-tools-5.0.45-8.2mdv2008.0.i586.rpm
af4075fd835e0372f1f6745f2f6f2d24 2008.0/SRPMS/mysql-5.0.45-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
c3683e4b578bcf573913d2c8ea3bcc64 2008.0/x86_64/lib64mysql15-5.0.45-8.2mdv2008.0.x86_64.rpm
a15bc584715bfa86221d021a45610701 2008.0/x86_64/lib64mysql-devel-5.0.45-8.2mdv2008.0.x86_64.rpm
7037c5117e10169e7f0d862cb3916a7d 2008.0/x86_64/lib64mysql-static-devel-5.0.45-8.2mdv2008.0.x86_64.rpm
624b99283d71f7fc372029d188b0d68e 2008.0/x86_64/mysql-5.0.45-8.2mdv2008.0.x86_64.rpm
3efcb2ad37ae4d91f5915548fcebb0fc 2008.0/x86_64/mysql-bench-5.0.45-8.2mdv2008.0.x86_64.rpm
69b7b8e85e21c015d1db4822885f9e70 2008.0/x86_64/mysql-client-5.0.45-8.2mdv2008.0.x86_64.rpm
cd9cc2fd720dedef518fed7f6dbcd851 2008.0/x86_64/mysql-common-5.0.45-8.2mdv2008.0.x86_64.rpm
dc1da6c335fdbe30762c3bdc8431de71 2008.0/x86_64/mysql-max-5.0.45-8.2mdv2008.0.x86_64.rpm
065d9a2c3515567c0d11a45a44b2b902 2008.0/x86_64/mysql-ndb-extra-5.0.45-8.2mdv2008.0.x86_64.rpm
8fb80d3e1b683af128b77d1ab9e6ad06 2008.0/x86_64/mysql-ndb-management-5.0.45-8.2mdv2008.0.x86_64.rpm
9e4a50fcfb351876e1294bcc113a9d01 2008.0/x86_64/mysql-ndb-storage-5.0.45-8.2mdv2008.0.x86_64.rpm
0788ada6ccdddb7db76ebcf3efbe8e0b 2008.0/x86_64/mysql-ndb-tools-5.0.45-8.2mdv2008.0.x86_64.rpm
af4075fd835e0372f1f6745f2f6f2d24 2008.0/SRPMS/mysql-5.0.45-8.2mdv2008.0.src.rpm
Corporate 4.0:
08c68b948479e0609200d3a75fa1e6f8 corporate/4.0/i586/libmysql15-5.0.45-7.2.20060mlcs4.i586.rpm
9559df7a4dd7a7a5cd2f3350d0aaf644 corporate/4.0/i586/libmysql-devel-5.0.45-7.2.20060mlcs4.i586.rpm
7c6b41f3e966a9533fe2e508099e9ac3 corporate/4.0/i586/libmysql-static-devel-5.0.45-7.2.20060mlcs4.i586.rpm
83fc3360f5f3d5e4612e8b2dcccb9d86 corporate/4.0/i586/mysql-5.0.45-7.2.20060mlcs4.i586.rpm
119770dc70f1dec99770b89569d5f244 corporate/4.0/i586/mysql-bench-5.0.45-7.2.20060mlcs4.i586.rpm
eaba4a0339945fe1e6f3b2197d43dc6d corporate/4.0/i586/mysql-client-5.0.45-7.2.20060mlcs4.i586.rpm
9d19c37b04c4db67c135ecd277b48d55 corporate/4.0/i586/mysql-common-5.0.45-7.2.20060mlcs4.i586.rpm
29ce0477fee72dd9f76665b7ab3d3733 corporate/4.0/i586/mysql-max-5.0.45-7.2.20060mlcs4.i586.rpm
76ef2d6cedff1526cea6e5391e53bd0b corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.2.20060mlcs4.i586.rpm
efd3de6baa6c09f0926e1d71fdcbb7d2 corporate/4.0/i586/mysql-ndb-management-5.0.45-7.2.20060mlcs4.i586.rpm
58acbcf9bd22ae8b686f270959a24d9a corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.2.20060mlcs4.i586.rpm
0679c750bc5dd1f0ad9c26513c9d5a1f corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.2.20060mlcs4.i586.rpm
a2744801fe9ed017d4cfb3b40d7dcc42 corporate/4.0/SRPMS/mysql-5.0.45-7.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
1540c030207321b12c1dbf6518b259ea corporate/4.0/x86_64/lib64mysql15-5.0.45-7.2.20060mlcs4.x86_64.rpm
b8a1daf95d7212f43635d06e709c3318 corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.2.20060mlcs4.x86_64.rpm
11ff72e78bca0c13e2bbe1d3eba69b6f corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.2.20060mlcs4.x86_64.rpm
ec357bc74168b72e716ee47fdc8953ef corporate/4.0/x86_64/mysql-5.0.45-7.2.20060mlcs4.x86_64.rpm
2d4a49b5b2ef6be7f180c37bf6848502 corporate/4.0/x86_64/mysql-bench-5.0.45-7.2.20060mlcs4.x86_64.rpm
5acf56e4dc62af041eeeff90ad32ddbf corporate/4.0/x86_64/mysql-client-5.0.45-7.2.20060mlcs4.x86_64.rpm
eadd8f9b5afdadc1e67ab76e63c5ede6 corporate/4.0/x86_64/mysql-common-5.0.45-7.2.20060mlcs4.x86_64.rpm
233bd234e9c9ce5922b9655a6fdd72ce corporate/4.0/x86_64/mysql-max-5.0.45-7.2.20060mlcs4.x86_64.rpm
97494344056c6e4f8340eaf0036ac97f corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.2.20060mlcs4.x86_64.rpm
ca70ce3ed5c592ec41151b1c6f1d43d8 corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.2.20060mlcs4.x86_64.rpm
379dab3d7aecfba0b93d5e5691d742db corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.2.20060mlcs4.x86_64.rpm
e0e9ca0dc122c8657aada9a9db758ca1 corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.2.20060mlcs4.x86_64.rpm
a2744801fe9ed017d4cfb3b40d7dcc42 corporate/4.0/SRPMS/mysql-5.0.45-7.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIgkXmmqjQ0CJFipgRAkLWAKClwPBbIW2SXkcexkEJjW79kexPLQCfRirO
wV2/ikre4rdv7NLrZRgofos=
=qdV+
-----END PGP SIGNATURE-----
. ===========================================================
Ubuntu Security Notice USN-588-2 April 02, 2008
mysql-dfsg-5.0 regression
https://launchpad.net/bugs/209699
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.9
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for
Ubuntu 6.06, additional improvements were made to make privilege checks
more restictive. As a result, an upstream bug was exposed which could
cause operations on tables or views in a different database to fail. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Masaaki Hirose discovered that MySQL could be made to dereference
a NULL pointer. An authenticated user could cause a denial of service
(application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)
Alexander Nozdrin discovered that MySQL did not restore database access
privileges when returning from SQL SECURITY INVOKER stored routines. An
authenticated user could exploit this to gain privileges. This issue
does not affect Ubuntu 7.10. (CVE-2007-2692)
Martin Friebe discovered that MySQL did not properly update the DEFINER
value of an altered view. An authenticated user could use CREATE SQL
SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges.
(CVE-2007-6303)
Luigi Auriemma discovered that yaSSL as included in MySQL did not
properly validate its input. This issue did not affect Ubuntu 6.06 in the default installation.
(CVE-2008-0226, CVE-2008-0227)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.diff.gz
Size/MD5: 155085 f8c7ef90adb69cf67cc6366612b63d48
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.dsc
Size/MD5: 1114 d305551acc1c106afc8fcea708bf7748
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
Size/MD5: 18446645 2b8f36364373461190126817ec872031
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 38560 ba617aed9cc0de2b3ab0bb27e4b73208
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 41108 c5723e8875ec8ec61bc3e35d279b0785
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 38564 4c87c774aa76333f9b6ce71be03abd9e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 6727828 250a0dc849c954205639795ead8c913c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 1423476 81fa43f4bcdaa9721311dd9cd7977713
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 6897250 ee100a247642429c58c20cf501da925d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 22493122 6c8dc59d6b0f8885bdc08e72f7aef6b6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 6141858 992e52adad73209d80bab70f7fb22d46
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 1383980 fcbf70966d6875c053e30e153b610991
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 6279892 cb5107c59d51513dc3b7d89ef64c2de1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 21351224 84fe07a8a90d1d7bdefcdfa8bf34bc55
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 6885504 86e9ad51262265b596bf490ce3c46a2d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 1463828 6a87ebba2667b07ca253b7bc3772d91e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 6943956 f8630ffc208f766da49a1628076830b6
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 22706410 6e44a8947af147ac14a15fdd66e80bfd
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 6433916 dea5c30c9bc61cf362cfbb7cb692a280
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 1435924 5da529e0936388dc5584deb4155ba390
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 6538958 4e658a8fca75f30eeafbfff2a2bffa9c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 21972902 4d273677401e7896b4e65d8fc9996ce5
.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1478-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 28, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0226 CVE-2008-0227
Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL
implementation included in the MySQL database package, which could lead
to denial of service and possibly the execution of arbitrary code.
For the unstable distribution (sid), these problems have been fixed in
version 5.0.51-3.
For the stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch5.
The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.
We recommend that you upgrade your mysql-dfsg-5.0 package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 4.0 (stable)
- -------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.diff.gz
Size/MD5 checksum: 165895 05351b7ac0547d3666828c7eba89ee18
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.dsc
Size/MD5 checksum: 1117 7d6a184cf5bda53d18be88728a0635c4
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch5_all.deb
Size/MD5 checksum: 45636 c2d87b9755088b3a67851dc4867a67f8
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch5_all.deb
Size/MD5 checksum: 47716 5c9311fc2072be8336424c648497303e
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch5_all.deb
Size/MD5 checksum: 53944 3a16dd0a2c795cf7e906c648844a9779
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_alpha.deb
Size/MD5 checksum: 8912752 826f18c201582262ee622ed9e470a915
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_alpha.deb
Size/MD5 checksum: 1950712 47215338ef678adf7ca6f80d9d60613e
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_alpha.deb
Size/MD5 checksum: 8407802 e6e87a2edaf5f0405473fb3f5c859b3f
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_alpha.deb
Size/MD5 checksum: 27365718 f83e12f0f36c31b4dbd64ab7b1b6f01d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_alpha.deb
Size/MD5 checksum: 47748 91489bb86084a9f6026c6156a4a5faa0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_amd64.deb
Size/MD5 checksum: 7376450 ba1c75fa6963352a0af68c4db08d0c12
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_amd64.deb
Size/MD5 checksum: 47708 4a3047795b3030063a47c969cfe4c324
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_amd64.deb
Size/MD5 checksum: 1830910 c24fc179d4fb37994b5af2cb8c405ff1
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_amd64.deb
Size/MD5 checksum: 25939846 8b0e047de274ed90f69a76f22866561a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_amd64.deb
Size/MD5 checksum: 7547346 003c7231b81203a50ec563ff5142a010
arm architecture (ARM)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_arm.deb
Size/MD5 checksum: 47756 0145e1aa5ec02b5c60c2d78bbcd334a0
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_arm.deb
Size/MD5 checksum: 25345622 2de813c86f1d10fb2df34d8b9de2336e
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_arm.deb
Size/MD5 checksum: 6929754 8a6b3351769b567a468bc7dcb97a2141
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_arm.deb
Size/MD5 checksum: 7204866 a8f69933d8081e753b76402e47e7a64a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_arm.deb
Size/MD5 checksum: 1747880 8da665b5f04444dcde03321f24ca8e4b
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_hppa.deb
Size/MD5 checksum: 1920486 cb9a2e86902dc3f174926fbd8397a969
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_hppa.deb
Size/MD5 checksum: 8046116 1eb6b1199a2c0f6a8502008a2c6df376
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_hppa.deb
Size/MD5 checksum: 27055710 085b261bf2ec3820e21ec73bb59f6caa
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_hppa.deb
Size/MD5 checksum: 47708 c17ca051ebe8783fa120c4596e32d9c2
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_hppa.deb
Size/MD5 checksum: 8003914 59650ba346b2af0d77afbac64e93cca8
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_i386.deb
Size/MD5 checksum: 25370152 d615311235c5a9e6d85e7e77b4927d5d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_i386.deb
Size/MD5 checksum: 47746 1040540bc74e34b67d9606a4368162a7
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_i386.deb
Size/MD5 checksum: 6971870 90aae8d289cb3df24009c65b1af3b12d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_i386.deb
Size/MD5 checksum: 7189880 6082aa213539a361cced40044161d108
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_i386.deb
Size/MD5 checksum: 1793974 ab7cbdd14a9bff04066a865634ef1ce2
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_ia64.deb
Size/MD5 checksum: 9736902 1e93082931f1055cd4c1436caa0020f3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_ia64.deb
Size/MD5 checksum: 47710 3369d882bf2b99a05397aaeddf8bf864
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_ia64.deb
Size/MD5 checksum: 2115340 472e412113e7ae0bb76853cf0167cd57
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_ia64.deb
Size/MD5 checksum: 30408810 8c8982aae5e90c451b08f22bc2a5399d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_ia64.deb
Size/MD5 checksum: 10341648 a5ef1b86109c465131ccfe5a9147bd74
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mips.deb
Size/MD5 checksum: 7655576 b92c42fbbd64a377fcc4277a1696ccdd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mips.deb
Size/MD5 checksum: 1835994 2650808f606406336f55b31497bea015
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mips.deb
Size/MD5 checksum: 7749018 db3eb1fb41084f7cda145ecc1f808402
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mips.deb
Size/MD5 checksum: 47710 698fd659ef265c937dd045cfb2e9e28a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mips.deb
Size/MD5 checksum: 26338840 89c569b544aeb60ce6aae1c77d40965e
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mipsel.deb
Size/MD5 checksum: 1789510 2501eed6aaa7143a89f13e4bd9658ecf
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mipsel.deb
Size/MD5 checksum: 47718 ed3dc0fc53b78b2307dc4790ff82a174
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mipsel.deb
Size/MD5 checksum: 7640356 5417137e8b9632964ea0d67e8cd96416
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mipsel.deb
Size/MD5 checksum: 25845474 d379d4a5f900202d6244858d379aa46a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mipsel.deb
Size/MD5 checksum: 7561164 31fa1242af6a762a92486aa327469d1f
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_powerpc.deb
Size/MD5 checksum: 1832312 c6ab2b2c70aed56a7748eb0a5dd04c8c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_powerpc.deb
Size/MD5 checksum: 7573184 f43fb3a11284830b745346775073f92d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_powerpc.deb
Size/MD5 checksum: 7511850 184e9e37e760f4bb3779385d134975db
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_powerpc.deb
Size/MD5 checksum: 47708 a76913df77b9f358f88a66875dc13a46
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_powerpc.deb
Size/MD5 checksum: 26164462 386da660c381925416238a51b0a847a4
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_s390.deb
Size/MD5 checksum: 47714 7fa0b60bff0e106f6328b0b026566008
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_s390.deb
Size/MD5 checksum: 26763646 544f49b13f6207c1a104dc9eef9e6dd9
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_s390.deb
Size/MD5 checksum: 7413442 b70c6184c3b82ead175debdd569ab807
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_s390.deb
Size/MD5 checksum: 7507380 f9cecc1ace4fd2455516986637490930
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_s390.deb
Size/MD5 checksum: 1951732 d5eaad746a8db92889febd0da68f1ae5
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_sparc.deb
Size/MD5 checksum: 7153228 566328488d67a3843b04689d76f0253d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_sparc.deb
Size/MD5 checksum: 47714 551a6f9a790b301d63c856ecab13be75
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_sparc.deb
Size/MD5 checksum: 7013384 3915c6846d5ffce6e321b7e40006cb66
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_sparc.deb
Size/MD5 checksum: 1797430 b0bd228090c8923d08c9b8ee84a1edb8
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_sparc.deb
Size/MD5 checksum: 25425084 a9934459b8cde72354ffc463b2ec140f
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHnjjKXm3vHE4uyloRApi/AKCLKlM616TTchb0zEQ8K4cOCdgZhwCffa1J
oQ57J3yhzeNDDwqXdxLvhxM=
=6ogr
-----END PGP SIGNATURE-----
| VAR-200507-0107 | CVE-2005-2105 | Cisco IOS of AAA Avoiding authentication in authentication services Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
A remote attacker may exploit this issue to bypass authentication and gain unauthorized access to the affected service. Cisco IOS is the underlying system used by Cisco devices