VARIoT IoT vulnerabilities database

The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455. Cisco Anomaly Detection and Mitigation appliances and service modules are prone to an authentication-bypass vulnerability. This issue can allow attackers to gain unauthorized access to devices or gain elevated privileges. This vulnerability presents itself when the devices have been configured to authenticate users against an external TACACS+ server, but an external TACACS+ server isn't specified in the configuration using the 'tacacs-server host' command. Note that a device is vulnerable only if the 'tacacs-server host' command isn't present in the configuration. Depending on the privileges gained, the attacker may obtain sensitive information about a network by sniffing traffic and inspecting configuration policies. Denial-of-service attacks are also possible. Both Cisco Guard and Cisco Traffic Anomaly Detector appliances are Distributed Denial of Service (DDoS) attack mitigation appliances that detect potential DDoS attacks and divert attack traffic to the monitored network without affecting legitimate traffic. The permissions available to bypass authentication users depend on the type of account used to log in and whether there is an account on the device. The situation is as follows: * Using a non-existing account: the user can only execute the show command Obtain the same permissions normally given to this account* Using an existing Linux account: the user can access the base Linux shell Additionally, if the enable authentication is performed on the TACACS+ server via the aaa authentication enable tacacs+ command and the actual TACACS+ server is not specified via the tacacs-server host command The user can also bypass the authentication of the enable command. TITLE: Cisco Products TACACS+ Authentication Bypass SECUNIA ADVISORY ID: SA18904 VERIFY ADVISORY: http://secunia.com/advisories/18904/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Cisco Guard 5.x http://secunia.com/product/8097/ Cisco Traffic Anomaly Detector 5.x http://secunia.com/product/8095/ SOFTWARE: Cisco Catalyst 6500/Cisco 7600 Router Anomaly Guard Module http://secunia.com/product/8098/ Cisco Catalyst 6500/Cisco 7600 Router Traffic Anomaly Detector Module http://secunia.com/product/8099/ DESCRIPTION: A security issue has been reported in various Cisco products, which can be exploited by malicious people to bypass certain security restrictions. Successful exploitation requires that TACACS+ authentication is incompletely configured (i.e. The security issue affects the following products: * Cisco Guard versions 5.0(1) and 5.0(3) * Cisco Traffic Anomaly Detector versions 5.0(1) and 5.0(3) * Anomaly Guard Module for the Cisco Catalyst 6500 switches/Cisco 7600 routers * Traffic Anomaly Detector Module for the Cisco Catalyst 6500 switches/Cisco 7600 routers NOTE: Versions prior to 5.0 and versions later than 5.0(3) are unaffected. SOLUTION: Update to version 5.1(4) or later. Software for the Cisco Guard appliance: http://www.cisco.com/pcgi-bin/tablebuild.pl/cisco-ga-crypto. Software for the Cisco Traffic Anomaly Detector appliance: http://www.cisco.com/pcgi-bin/tablebuild.pl/cisco-ad-crypto. Software for the Cisco Anomaly Guard Module: http://www.cisco.com/pcgi-bin/tablebuild.pl/cisco-agm-crypto. Software for the Cisco Anomaly Traffic Detector Module: http://www.cisco.com/pcgi-bin/tablebuild.pl/cisco-adm-crypto Configure TACACS+ authentication properly. PROVIDED AND/OR DISCOVERED BY: The vendor credits Gerrit Wenig. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060215-guard.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. Rockliffe MailSite is prone to multiple unspecified vulnerabilities. These issues may be triggered by malformed LDAP data. The exact impact of these vulnerabilities is not known at this time. Although the issues are known to crash the server, the possibility of remote code execution is unconfirmed. This BID will be updated as further information is made available. TITLE: MailSite LDAP Service Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18888 VERIFY ADVISORY: http://secunia.com/advisories/18888/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: MailSite 5.x http://secunia.com/product/1698/ MailSite 6.x http://secunia.com/product/5898/ MailSite 7.x http://secunia.com/product/6895/ DESCRIPTION: Evgeny Legerov has reported a vulnerability in MailSite, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the LDAP server within the handling of certain requests. SOLUTION: Restrict access to the LDAP service. PROVIDED AND/OR DISCOVERED BY: Evgeny Legerov, GLEG Ltd. ORIGINAL ADVISORY: http://lists.immunitysec.com/pipermail/dailydave/2006-February/002926.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. A SQL injection vulnerability exists in PHP Classifieds 6.18 to 6.20 member_login.php. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. An attacker can exploit this issue to bypass the authentication mechanism and gain access as an arbitrary user. TITLE: PHP Classifieds "member_login.php" SQL Injection SECUNIA ADVISORY ID: SA18881 VERIFY ADVISORY: http://secunia.com/advisories/18881/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: >From remote SOFTWARE: PHP Classifieds 6.x http://secunia.com/product/8084/ DESCRIPTION: Audun Larsen has reported a vulnerability in PHP Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing of login authentication but requires that the username is known and "magic_quotes_gpc" is disabled. The vulnerability has been reported in version 6.20 with member_login.php dated before 2006-02-14. Prior versions may also be affected. SOLUTION: Apply patch. http://www.deltascripts.com/download/ PROVIDED AND/OR DISCOVERED BY: Audun Larsen ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. This issue is do to the kernel's failure to properly handle the execution of an undocumented system call. The vulnerability is caused due to an unspecified error in an undocumented system call. and can be exploited to crash the system. SOLUTION: Update to version 10.4.5. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303290 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). Nokia N70 is reportedly prone to a remote denial-of-service vulnerability. A successful attack can allow an attacker to corrupt memory and to trigger a denial-of-service condition. Arbitrary code execution may be possible as well, but this has not been confirmed. Nokia model N70 is reported vulnerable to this issue; the specific firmware is currently unknown. This issue is reported to be a seperate issue than 16513 (Nokia N70 Remote Denial of Service Vulnerability) also discovered using the BSS Stack Smasher. TITLE: Nokia Cell Phones Bluetooth Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18724 VERIFY ADVISORY: http://secunia.com/advisories/18724/ CRITICAL: Not critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Nokia N70 http://secunia.com/product/8012/ DESCRIPTION: Pierre Betouin has reported a vulnerability in Nokia cell phones, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the Bluetooth stack within the handling of certain requests. This can be exploited to cause the device to stop responding or to display a "System error" message. Other Nokia cell phones with Bluetooth functionality may also be affected. SOLUTION: Disable Bluetooth. PROVIDED AND/OR DISCOVERED BY: Pierre Betouin ORIGINAL ADVISORY: http://www.secuobs.com/news/10022006-nokia_n70.shtml#english ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. PHPNuke 7.8 and prior versions are reportedly vulnerable. TITLE: PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18820 VERIFY ADVISORY: http://secunia.com/advisories/18820/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x http://secunia.com/product/329/ DESCRIPTION: Janek Vind "waraxe" has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "pagetitle" parameter in "header.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Example: http://[host]/?pagetitle=title</title></head><script+src=http://[host]/script.js? The vulnerability has been confirmed in version 7.8. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Janek Vind "waraxe" ORIGINAL ADVISORY: http://www.waraxe.us/advisory-44.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended. TITLE: Lexmark Printers LexBce Server Arbitrary Code Execution SECUNIA ADVISORY ID: SA18744 VERIFY ADVISORY: http://secunia.com/advisories/18744/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network OPERATING SYSTEM: Lexmark X1100 Series http://secunia.com/product/7842/ SOFTWARE: Lexmark LexBce Server (LexPPS) 8.x http://secunia.com/product/7856/ Lexmark LexBce Server (LexPPS) 9.x http://secunia.com/product/7847/ DESCRIPTION: Peter Winter-Smith of NGSSoftware has reported a vulnerability in the LexBce Server Service included with various Lexmark printers, which can be exploited by malicious people to compromise a user's system. This can be exploited to execute arbitrary code on a system with Lexmark printer installed. NOTE: The service is installed with the printer drivers of Lexmark X1100 series (LexPPS version 8.29), and X2200 series (LexPPS version 9.41). Other Lexmark printers may also have the service installed. SOLUTION: Disable the service if printer sharing is not required. PROVIDED AND/OR DISCOVERED BY: Peter Winter-Smith, NGSSoftware. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Nortel Networks is the industry's leading provider of communications equipment, offering a wide range of network communications equipment. A remote denial of service vulnerability exists in multiple VPN products from Nortel Networks. This vulnerability is triggered if a special network communication is handled, causing the IPSec software to fail to process ESP traffic, causing a denial of service. The specific content and type of network traffic sufficient to trigger this issue are currently unknown. This issue is reportedly being tracked by Nortel as support case 060110-04843. Nortel IPSec client software version v04_60.51 and newer is reportedly susceptible to this issue. Further reports indicate this issue is exploitable only through an existing IPSec tunnel and only via a valid remote access account. NOTE: Further analysis and reports have indicated that this issue is limited to the VPN Client. Therefore, we have determined that this does not present a security threat. This BID is being retired

Multiple unspecified vulnerabilities in Tumbleweed MailGate Email Firewall (EMF) 6.x allow remote attackers to (1) trigger temporarily incorrect processing of an e-mail message under "extremely heavy loads" and (2) cause an "increased number of missed spam" during "spam outbreaks.". MailGate Email Firewall is prone to a remote security vulnerability

Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. A successful attack can cause the device to hang, completely denying further service to legitimate users. Cisco has documented this issue as Bug IDs CSCsb77324 and CSCsd26340. The vulnerability is caused due to an error when processing HTTP packets. Successful exploitation requires that the HTTP service is enabled (default setting). The vulnerability has been reported in software versions 4.7.0 through 4.7.2.A (including version 4.7REL). Software versions prior to 4.7.x are not affected. SOLUTION: Update to software version 4.7.2.B or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/vpn3000-3des Disable the HTTP service. PROVIDED AND/OR DISCOVERED BY: Discussed at the Schmoocon security conference. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ AAA (authentication, authorization, and accounting) Authentication, authorization, and billing management for network usage ( Access management ) It is a mechanism for doing. Cisco IOS is prone to a remote AAA command authorization-bypass vulnerability. This issue allows remote attackers to bypass AAA command authorization checks and to gain elevated access to affected devices. This issue is documented by Cisco bug ID CSCeh73049http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeh73049. Cisco Internet Operating System (IOS) is an operating system used on CISCO routers. In some configurations, a logged-in user can execute arbitrary commands through the TCL Shell without authentication, resulting in privilege escalation. Devices that do not have the AAA service function and do not support TCL are not affected by this vulnerability. TITLE: Cisco IOS AAA Command Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA18613 VERIFY ADVISORY: http://secunia.com/advisories/18613/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability has been reported in IOS Version 12.0T or later. Note: It has also been reported that an authenticated user is automatically placed into the Tcl Shell mode if a previous user goes into Tcl Shell mode and terminates the session before leaving the Tcl Shell mode. This may help to exacerbate the vulnerability. SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Fischbach of COLT Telecom. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ AAA (authentication, authorization, and accounting) Authentication, authorization, and billing management for network usage ( Access management ) It is a mechanism for doing. Cisco IOS Then AAA It is possible to determine the privilege level of the authenticated user by using and to set authorization for specific commands for each level. Cisco IOS Implemented in AAA The command authorization function includes Tcl Shell mode (tclsh) There is a problem that authorization check is not properly executed for the command executed by. Tcl Shell mode is supported AAA Use the command authorization function IOS A device may be able to execute arbitrary commands with elevated privileges if exploited by a local attacker.Please refer to the “Overview” for the impact of this vulnerability. Cisco IOS is prone to a remote AAA command authorization-bypass vulnerability. This issue allows remote attackers to bypass AAA command authorization checks and to gain elevated access to affected devices. This issue is documented by Cisco bug ID CSCeh73049http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeh73049. TITLE: Cisco IOS AAA Command Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA18613 VERIFY ADVISORY: http://secunia.com/advisories/18613/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to bypass certain security restrictions. Note: It has also been reported that an authenticated user is automatically placed into the Tcl Shell mode if a previous user goes into Tcl Shell mode and terminates the session before leaving the Tcl Shell mode. This may help to exacerbate the vulnerability. SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Fischbach of COLT Telecom. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. An attacker can exploit this vulnerability to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. There are loopholes in Kerio WinRoute's handling of specific web browsing operations, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall. TITLE: Kerio WinRoute Firewall Web Browsing Denial of Service SECUNIA ADVISORY ID: SA18589 VERIFY ADVISORY: http://secunia.com/advisories/18589/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/ DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Update to version 6.1.4 Patch 2. http://www.kerio.com/kwf_download.html PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. Kerio WinRoute Firewall is prone to multiple denial of service vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. Kerio WinRoute has loopholes when processing specific HTML data, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall. TITLE: Kerio WinRoute Firewall Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA18542 VERIFY ADVISORY: http://secunia.com/advisories/18542/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/ DESCRIPTION: Two vulnerabilities have been reported in Kerio WinRoute Firewall, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the handling of certain data when performing HTML content filtering may be exploited to cause a DoS. 2) An error in the handling of overly long strings fetched from the Active Directory may be exploited to cause a DoS. Some other errors, which may be security related, have also been fixed. SOLUTION: Update to version 6.1.4 Patch 1. http://www.kerio.com/kwf_download.html PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. plural F-Secure Anti-Virus The product contains a buffer overflow vulnerability.Arbitrary code could be executed by a third party. F-Secure is prone to multiple vulnerabilities when handling archives of various formats. The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise. Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection. TITLE: F-Secure Anti-Virus Archive Handling Vulnerabilities SECUNIA ADVISORY ID: SA18529 VERIFY ADVISORY: http://secunia.com/advisories/18529/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: >From remote SOFTWARE: F-Secure Personal Express 6.x http://secunia.com/product/6885/ F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2005 http://secunia.com/product/4300/ F-Secure Internet Security 2004 http://secunia.com/product/3499/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus for Samba Servers 4.x http://secunia.com/product/3501/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Firewalls 6.x http://secunia.com/product/451/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus Client Security 5.x http://secunia.com/product/2718/ F-Secure Anti-Virus 5.x http://secunia.com/product/3334/ F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2005 http://secunia.com/product/4299/ F-Secure Anti-Virus 2004 http://secunia.com/product/3500/ DESCRIPTION: Some vulnerabilities have been reported in various F-Secure products, which can be exploited by malware to bypass detection or malicious people to compromise a vulnerable system. 2) An error in the scanning functionality when processing RAR and ZIP archives can be exploited to prevent malware from being detected. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2006-1.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. F-Secure is prone to multiple vulnerabilities when handling archives of various formats. The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise. Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection. TITLE: F-Secure Anti-Virus Archive Handling Vulnerabilities SECUNIA ADVISORY ID: SA18529 VERIFY ADVISORY: http://secunia.com/advisories/18529/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: >From remote SOFTWARE: F-Secure Personal Express 6.x http://secunia.com/product/6885/ F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2005 http://secunia.com/product/4300/ F-Secure Internet Security 2004 http://secunia.com/product/3499/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus for Samba Servers 4.x http://secunia.com/product/3501/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Firewalls 6.x http://secunia.com/product/451/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus Client Security 5.x http://secunia.com/product/2718/ F-Secure Anti-Virus 5.x http://secunia.com/product/3334/ F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2005 http://secunia.com/product/4299/ F-Secure Anti-Virus 2004 http://secunia.com/product/3500/ DESCRIPTION: Some vulnerabilities have been reported in various F-Secure products, which can be exploited by malware to bypass detection or malicious people to compromise a vulnerable system. 2) An error in the scanning functionality when processing RAR and ZIP archives can be exploited to prevent malware from being detected. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2006-1.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page.". Cisco CallManager is susceptible to a remote privilege escalation vulnerability. This issue is due to a failure of the application to properly enforce access controls. This issue is only exploitable when Multi Level Administration is enabled, and users are granted read-only administrative access via the CCMAdmin Web interface. TITLE: Cisco Call Manager CCMAdmin Privilege Escalation SECUNIA ADVISORY ID: SA18501 VERIFY ADVISORY: http://secunia.com/advisories/18501/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network SOFTWARE: Cisco CallManager 4.x http://secunia.com/product/5363/ Cisco CallManager 3.x http://secunia.com/product/2805/ DESCRIPTION: A vulnerability has been reported in Cisco CallManager, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an error in the CCMAdmin web page. The vulnerability affects the following versions: * Cisco CallManager 3.2 and earlier * Cisco CallManager 3.3, versions earlier than 3.3(5)SR1 * Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c * Cisco CallManager 4.1, versions earlier than 4.1(3)SR2 SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml#software PROVIDED AND/OR DISCOVERED BY: The vendor credits CNLabs of Switzerland. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. Cisco IOS SGBP is prone to a remote denial of service vulnerability. This issue arises on devices that have been configured to run SGBP. A successful attack causes a device to hang and fail to respond to further requests. It should be noted that a system watchdog timer will detect this condition after a delay and restart the device. Internet Operating System (IOS) is an operating system used on CISCO routers. Remote attackers can use this loophole to launch denial-of-service attacks on the device. A specially crafted UPD message can cause a denial of service in the Cisco IOS-provided SGBP implementation. Sending the above message to port 9900 of an affected device can cause it to freeze and stop responding or transmitting traffic. The vulnerability is caused due to an error in the handling of the SGBP protocol (Stack Group Bidding Protocol). This can be exploited to cause a vulnerable device to become unresponsive and trigger a hardware reset by sending a specially crafted UDP datagram to port 9900. SOLUTION: Fixes are available for IOS 12.0, 12.1, 12.2, 12.3, and 12.4 (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. Linksys BEFVP41 routers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. This issue allows remote attackers to crash affected devices, denying service to legitimate users. Reportedly, attackers must be located on the internal network, and be able to pass traffic through the router to exploit this issue. It may also be possible from the external side of the network, but this has not been confirmed. The vulnerability has been reported in version 2.0 with firmware revision 1.01.04. SOLUTION: Use the device on trusted networks only. PROVIDED AND/OR DISCOVERED BY: Paul ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. Cisco CallManager There is a service disruption (DoS) There are vulnerabilities that are put into a state.Service disruption by a third party (DoS) There is a possibility of being put into a state. CallManager is susceptible to multiple remote denial of service vulnerabilities. These issues are documented in Cisco bugs CSCea53907, CSCsa86197, CSCsb16635 and CSCsb64161, which are available to Cisco customers. Attackers may exploit these vulnerabilities to crash the affected service, effectively denying service to legitimate users. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Under certain circumstances, CCM will keep the TCP connection open indefinitely until the CCM service is restarted or the server is restarted. Successful exploitation of these vulnerabilities could result in a denial of service attack, causing high CPU usage, interrupting service, or restarting the server, which could then cause the phone to become unresponsive, log off the phone from the CCM, or restart the CCM. TITLE: Cisco CallManager Connection Handling Denial of Service SECUNIA ADVISORY ID: SA18494 VERIFY ADVISORY: http://secunia.com/advisories/18494/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Cisco CallManager 3.x http://secunia.com/product/2805/ Cisco CallManager 4.x http://secunia.com/product/5363/ DESCRIPTION: Some vulnerabilities has been reported in Cisco CallManager, which can be exploited by malicious people to cause a DoS (Denial of Service). 2) An error in the processing of connections to ports 2001, 2002, and 7727 can be exploited to fill up the Windows message queue by establishing multiple connections. This further leads to the Cisco CallManager restarting after a 30 second timeout. The following versions are affected: * Cisco CallManager 3.2 and earlier * Cisco CallManager 3.3, versions earlier than 3.3(5)SR1a * Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c * Cisco CallManager 4.1, versions earlier than 4.1(3)SR2 SOLUTION: Fixes are available (see patch matrix): http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------