VARIoT IoT vulnerabilities database

lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information. Look 'n' Stop Firewall is prone to a local denial-of-service vulnerability. Local attackers can exploit this issue to cause the affected application to stop. Look 'n' Stop Firewall 2.06 and 2.07 are vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Look 'n' Stop Firewall IOCTL Handling Denial of Service Vulnerability SECUNIA ADVISORY ID: SA43044 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43044/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43044 RELEASE DATE: 2011-01-26 DISCUSS ADVISORY: http://secunia.com/advisories/43044/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43044/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43044 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Look 'n' Stop Firewall, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "lnsfw1.sys" driver when handling the 80000064h IOCTL. This can be exploited to cause an assertion error and crash the kernel via a specially crafted input buffer passed to the IOCTL. The vulnerability is confirmed in version 2.07. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Heurs OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values. Tor is a second generation of onion routing implementation. Tor is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected computer, denying service to legitimate users. These issues affect versions prior to Tor 0.2.1.29, 0.2.2, and 0.2.2.21-alpha. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Tor: Multiple vulnerabilities Date: October 18, 2011 Bugs: #351920, #359789 ID: 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/tor < 0.2.1.30 >= 0.2.1.30 Description =========== Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact ====== A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Tor process or create a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Tor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2011-0015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015 [ 2 ] CVE-2011-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016 [ 3 ] CVE-2011-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427 [ 4 ] CVE-2011-0490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490 [ 5 ] CVE-2011-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491 [ 6 ] CVE-2011-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492 [ 7 ] CVE-2011-0493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493 [ 8 ] CVE-2011-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file. Tor is a second generation of onion routing implementation. Tor is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected computer, denying service to legitimate users. These issues affect versions prior to Tor 0.2.1.29, 0.2.2, and 0.2.2.21-alpha. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Tor: Multiple vulnerabilities Date: October 18, 2011 Bugs: #351920, #359789 ID: 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/tor < 0.2.1.30 >= 0.2.1.30 Description =========== Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact ====== A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Tor process or create a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Tor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2011-0015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015 [ 2 ] CVE-2011-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016 [ 3 ] CVE-2011-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427 [ 4 ] CVE-2011-0490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490 [ 5 ] CVE-2011-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491 [ 6 ] CVE-2011-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492 [ 7 ] CVE-2011-0493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493 [ 8 ] CVE-2011-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors.". This vulnerability is related to a precision error.Service disruption by a third party ( Daemon crash ) There is a possibility of being put into a state. Tor is a second generation of onion routing implementation. To perform a denial of service (the daemon crashes). Tor is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected computer, denying service to legitimate users. These issues affect versions prior to Tor 0.2.1.29, 0.2.2, and 0.2.2.21-alpha. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Tor: Multiple vulnerabilities Date: October 18, 2011 Bugs: #351920, #359789 ID: 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/tor < 0.2.1.30 >= 0.2.1.30 Description =========== Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact ====== A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Tor process or create a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Tor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2011-0015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015 [ 2 ] CVE-2011-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016 [ 3 ] CVE-2011-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427 [ 4 ] CVE-2011-0490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490 [ 5 ] CVE-2011-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491 [ 6 ] CVE-2011-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492 [ 7 ] CVE-2011-0493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493 [ 8 ] CVE-2011-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages. Tor is a second generation of onion routing implementation. Versions prior to Tor 0.2.1.29 and versions prior to 0.2.2.21-alpha can be called Libevent in the Libevent Log Processor. Tor is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected computer, denying service to legitimate users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Tor: Multiple vulnerabilities Date: October 18, 2011 Bugs: #351920, #359789 ID: 201110-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/tor < 0.2.1.30 >= 0.2.1.30 Description =========== Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact ====== A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Tor process or create a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Tor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2011-0015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015 [ 2 ] CVE-2011-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016 [ 3 ] CVE-2011-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427 [ 4 ] CVE-2011-0490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490 [ 5 ] CVE-2011-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491 [ 6 ] CVE-2011-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492 [ 7 ] CVE-2011-0493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493 [ 8 ] CVE-2011-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700. (DoS) An attack may be carried out. Authentication is not required to exploit this vulnerability. The flaw exists within the av component which listens by default on TCP port 5700. When handling an action.execute request the process evaluates code provided as a parameter without proper validation. This allows for creation of arbitrary objects. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the oracle user. Oracle Audit Vault automates audit collection, monitoring, and reporting processes, turning audit data into critical security resources to detect unauthorized activity. This vulnerability affects the following supported versions: 10.2.3.2. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Audit Vault av.action Insufficient Parameter Validation Vulnerability SECUNIA ADVISORY ID: SA42919 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42919/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42919 RELEASE DATE: 2011-01-21 DISCUSS ADVISORY: http://secunia.com/advisories/42919/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42919/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42919 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Audit Vault, which can be exploited by malicious people to compromise a vulnerable system. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1c239c43f521145fa8385d64a9c32243 via ZDI. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-017/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html -- Disclosure Timeline: 2010-09-29 - Vulnerability reported to vendor 2011-01-18 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * 1c239c43f521145fa8385d64a9c32243 -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Tor is a second generation of onion routing implementation. The TOR project team patched Tor multiple security vulnerabilities, including heap overflow allowing arbitrary code execution (CVE-2011-0427). Zlib compression processing has a denial of service vulnerability, but some key memory is not properly zero initialized before release. Causes leakage of critical memory information. Tor is prone to a heap-based buffer-overflow vulnerability, a denial-of-service vulnerability, and an information-disclosure vulnerability. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Tor Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42907 RELEASE DATE: 2011-01-19 DISCUSS ADVISORY: http://secunia.com/advisories/42907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and two vulnerabilities have been reported in Tor, which can be exploited by malicious, local users to disclose potentially sensitive information, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. 1) An unspecified error can be exploited to cause a heap-based memory corruption. 2) An error within the handling of zlib-compressed data can be exploited to cause a DoS by sending specially crafted compressed data. 3) Various functions do not properly clear keys from memory before freeing them, which may lead to the disclosure of the keys. The weakness and the vulnerabilities are reported in versions prior to 0.2.1.29. SOLUTION: Update to version 0.2.1.29. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) debuger 2) doorss 3) cypherpunks ORIGINAL ADVISORY: http://blog.torproject.org/blog/tor-02129-released-security-patches 2) https://trac.torproject.org/projects/tor/ticket/2324 3) https://trac.torproject.org/projects/tor/ticket/2384 https://trac.torproject.org/projects/tor/ticket/2385 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA42907 SOLUTION: Apply updated packages via the apt-get package manager. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2148-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff January 17, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tor Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-0427 The developers of Tor, an anonymizing overlay network for TCP, found three security issues during a security audit. The Debian Security Tracker will be updated once they're available: http://security-tracker.debian.org/tracker/source-package/tor For the stable distribution (lenny), this problem has been fixed in version 0.2.1.29-1~lenny+1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.2.1.29-1. For the experimental distribution, this problem has been fixed in version 0.2.2.21-alpha-1. We recommend that you upgrade your tor packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk00jUQACgkQXm3vHE4uylpElQCdGeCpaq6kGaUtHXwyKbj4WjMe Uk0AoLm9PBi6oSAqFsicw4h6M9y6gCha =NFbb -----END PGP SIGNATURE----- . Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/tor < 0.2.1.30 >= 0.2.1.30 Description =========== Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Tor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2011-0015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015 [ 2 ] CVE-2011-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016 [ 3 ] CVE-2011-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427 [ 4 ] CVE-2011-0490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490 [ 5 ] CVE-2011-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491 [ 6 ] CVE-2011-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492 [ 7 ] CVE-2011-0493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493 [ 8 ] CVE-2011-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. Sielco Sistemi Winlog of TCP/IP The server contains a buffer overflow vulnerability. Sielco Sistemi Winlog In “Run TCP/IP server” There is a function of 46823/tcp using. A stack buffer overflow vulnerability exists in processing crafted packets. Attack code using this vulnerability has been released.Service disruption by a remote third party (DoS) An attacker may be able to attack or execute arbitrary code. Winlog Pro is an application for data acquisition and remote control of SCADA HMI monitoring software. The SCADA software can be run as a TCP/IP server by listening to the TCP 46823 port by enabling the \"Run TCP/IP server\" option in the project section \"Configuration->Options->TCP/IP\". The 0x02 opcode of the protocol is used to process some strings received by the client, and a function such as _TCPIP_WriteNumValueFP, _TCPIP_WriteDigValueFP or _TCPIP_WriteStrValueFP is called according to the data type. They parse the data using the same function at offset 00446795, and there is a stack overflow when copying the input data to the temporary buffer: 00446795 /$ 55 PUSH EBP 00446796 |. 8BEC MOV EBP, ESP 00446798 |. 83C4 C0 ADD ESP, -40 0044679B |. 53 PUSH EBX 0044679C |. 56 PUSH ESI 0044679D |. 57 PUSH EDI 0044679E |. 8B45 0C MOV EAX, DWORD PTR SS:[EBP+C] 004467A1 |. 8B5D 08 MOV EBX,DWORD PTR SS:[ EBP+8] 004467A4 |. 8BF8 MOV EDI,EAX 004467A6 |. 33C0 XOR EAX,EAX 004467A8 |. 56 PUSH ESI 004467A9 |. 83C9 FF OR ECX,FFFFFFFF 004467AC |. F2:AE REPNE SCAS BYTE PTR ES:[EDI] ; stren 004467AE |. F7D1 NOT ECX 004467B0 |. 2BF9 SUB EDI,ECX 004467B2 |. 8D75 C0 LEA ESI,DWORD PTR SS:[EBP-40] 004467B5 |. 87F7 XCHG EDI,ESI 004467B7 |. 8BD1 MOV EDX,ECX 004467B9 |. 8BC7 MOV EAX, EDI 00446 7BB |. C1E9 02 SHR ECX,2 004467BE |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; memcpy. Winlog Pro is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input. Failed attacks will cause denial-of-service conditions. Winlog Pro 2.07.00 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Winlog Pro TCP/IP Server Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42894 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42894 RELEASE DATE: 2011-01-15 DISCUSS ADVISORY: http://secunia.com/advisories/42894/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42894/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42894 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in Winlog Pro, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code, but requires the "Run TCP/IP Server" option to be enabled (disabled by default). SOLUTION: Update to version 2.07.01. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/winlog_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SAP Crystal Reports Server is prone to multiple cross-site scripting vulnerabilities and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. The cross-site scripting issues can be exploited to execute script code in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. The directory-traversal issue can be exploited to disclose the contents of arbitrary files. SAP Crystal Reports Server 2008 is vulnerable.

The SAP Crystal Reports Server ActiveX control is prone to multiple insecure-method vulnerabilities. Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible. SAP Crystal Reports Server 2008 is vulnerable.

Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request. Cisco Linksys WRT54GC provided by Cisco Systems contains a buffer overflow vulnerability. Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.When processing a specially crafted HTTP request, the router may crash resulting in a denial-of-service (DoS). The Linksys WRT54GC is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Failed exploit attempts will result in a denial-of-service condition. Linksys WRT54GC firmware versions prior to 1.06.1 are vulnerable. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linksys WRT54GC Web Management Interface Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA43017 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43017/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43017 RELEASE DATE: 2011-01-21 DISCUSS ADVISORY: http://secunia.com/advisories/43017/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43017/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43017 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Linksys WRT54GC, which can be exploited by malicious people to compromise a vulnerable system. SOLUTION: Update to firmware version 1.06.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Yuji Ukai, Fourteenforty Research Institute. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/viewAlert.x?alertId=22228 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Oracle has released advance notification regarding the January 2011 Critical Patch Update (CPU) to be released on January 18, 2011. The update addresses 66 vulnerabilities affecting the following software: Oracle Database Server Oracle Secure Backup Oracle Fusion Middleware Oracle Enterprise Manager Grid Control Oracle Solaris products Oracle Applications Oracle Supply Chain Products Suite Oracle PeopleSoft and JDEdwards Suite Oracle Industry Applications Oracle Sun Products Oracle Open Office Suite Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. This BID is being retired. The following individual records exist to better document these issues: 34083 Sun Java System Communications Express Multiple HTML Injection Vulnerabilities 40235 MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability 42202 OpenOffice Impress File Multiple Buffer Overflow Vulnerabilities 42637 Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability 43819 GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability 43965 Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability 43971 Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability 43979 Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability 43985 Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability 43988 Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability 43992 Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability 43994 Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability 44009 Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability 44011 Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability 44012 Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability 44013 Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability 44014 Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability 44016 Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability 44017 Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability 44026 Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability 44027 Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability 44028 Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability 44030 Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability 44032 Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability 44035 Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability 44038 Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability 45844 Oracle Audit Vault CVE-2010-4449 Remote Code Execution Vulnerability 45845 Oracle Database Server CVE-2010-4413 Remote Scheduler Agent Vulnerability 45846 Oracle Document Capture CVE-2010-3598 Remote Vulnerability 45847 Oracle WebLogic Server CVE-2010-3510 Remote Security Vulnerability 45848 Oracle Fusion Middleware CVE-2010-4455 Remote Oracle HTTP Server Vulnerability 45849 Oracle Document Capture CVE-2010-3595 Remote Vulnerability 45850 Oracle Secure Backup CVE-2010-3596 Remote mod_ssl Vulnerability 45851 Oracle Document Capture CVE-2010-3591 Remote Vulnerability 45852 Oracle Fusion Middleware CVE-2010-4437 Remote Oracle WebLogic Server Vulnerability 45853 Oracle Solaris CVE-2010-4435 Remote CDE Calendar Manager Service Daemon Vulnerability 45854 Oracle Fusion Middleware CVE-2010-4417 Beehive Remote Code Execution Vulnerability 45855 Oracle Database Server CVE-2010-4420 Local Database Vault Vulnerability 45856 Oracle Document Capture CVE-2010-3599 Remote Vulnerability 45857 Oracle PeopleSoft Enterprise HRMS CVE-2010-4461 Remote Vulnerability 45858 Oracle Fusion Middleware CVE-2010-3588 Remote Oracle Discoverer Vulnerability 45859 Oracle Cluster Verify Utility CVE-2010-4423 Local Vulnerability 45860 Oracle Supply Chain Product CVE-2010-4429 Remote Security Vulnerability 45861 Oracle Application Object Library CVE-2010-3589 Remote Security Vulnerability 45862 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4424 Remote Vulnerability 45863 Oracle PeopleSoft Enterprise HRMS CVE-2010-4430 Remote Vulnerability 45864 Oracle Solaris 11 Express CVE-2010-4457 Remote CIFS Vulnerability 45865 Oracle PeopleSoft CVE-2010-4418 Remote Enterprise PeopleTools Vulnerability 45866 Oracle PeopleSoft Enterprise HRMS CVE-2010-4439 Remote Vulnerability 45867 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4426 Remote Vulnerability 45868 Oracle Fusion Middleware CVE-2010-4416 Remote Oracle GoldenGate Veridata Vulnerability 45869 Oracle PeopleSoft Enterprise HRMS CVE-2010-4445 Remote Vulnerability 45870 Oracle E-Business Suite CVE-2010-3587 Common Applications Component Remote Vulnerability 45871 Oracle Document Capture CVE-2010-3592 Remote Vulnerability 45872 Oracle Supply Chain Product CVE-2010-3505 Remote Security Vulnerability 45873 Oracle PeopleSoft Enterprise HRMS CVE-2010-4428 Remote Vulnerability 45874 Oracle Enterprise Manager Real User Experience Insight (RUEI) SQL Injection Vulnerability 45875 Oracle Transportation Manager CVE-2010-4432 Remote Security Vulnerability 45876 Oracle VM VirtualBox CVE-2010-4414 Local Extensions Vulnerability 45877 Oracle Fusion Middleware CVE-2010-4453 Remote Oracle WebLogic Server Vulnerability 45878 Oracle Solaris CVE-2010-4459 Local Vulnerability 45879 Oracle PeopleSoft CVE-2010-4419 Remote Enterprise CRM Vulnerability 45880 Oracle Spatial CVE-2010-3590 Remote Security Vulnerability 45881 Oracle PeopleSoft CVE-2010-4441 Remote Enterprise HRMS Vulnerability 45883 Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability 45884 Oracle OpenSSO and Java SAM CVE-2010-4444 Remote Vulnerability 45885 Oracle SunMC CVE-2010-4436 Remote Vulnerability 45886 Oracle Solaris CVE-2010-4443 Local Solaris Vulnerability 45887 Oracle Sun Convergence CVE-2010-4464 Remote Vulnerability 45888 Oracle Sun Solaris CVE-2010-4440 Local Security Vulnerability 45889 Oracle Solaris CVE-2010-4458 Local Solaris Vulnerability 45890 Oracle Sun GlassFish and Message Queue CVE-2010-4438 Local Security Vulnerability 45891 Oracle Solaris CVE-2010-4442 Local Kernel Vulnerability 45892 Oracle Sun Solaris CVE-2010-4446 Local Security Vulnerability 45893 Oracle Sun Solaris 10 CVE-2010-4433 Remote Security Vulnerability 45895 Oracle Solaris CVE-2010-4460 Local Solaris Vulnerability 45896 Oracle Sun Java System Communications Express CVE-2010-4456 Remote Web Mail Vulnerability 45897 Oracle BI Publisher CVE-2010-4425 Remote Security Vulnerability 45898 Oracle Sun Java System Portal Server CVE-2010-4431 Local Security Vulnerability 45899 Oracle PeopleSoft CVE-2010-4434 Remote Enterprise PeopleTools Vulnerability 45900 Oracle BI Publisher CVE-2010-4427 Remote Security Vulnerability 45901 Oracle Outside In Technology CVE-2010-3597 Local Security Vulnerability 45902 Oracle CVE-2010-3593 Remote Health Sciences - Oracle Argus Safety Vulnerability 45903 Oracle Sun Solaris CVE-2010-3586 Local Security Vulnerability 45904 Oracle Solaris CVE-2010-4415 Local 'libc' Vulnerability 45905 Oracle Database Vault CVE-2010-4421 Remote Security Vulnerability

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. Advantech Studio Test Web Server Contains a buffer overflow vulnerability. Indusoft is a powerful interpersonal interface graphical design software (SCADA) developed by indusoft. InduSoft NTWebServer runs the test WEB service on TCP port 80. Successful exploitation of the vulnerability can be performed in the context of the service process. Code. InduSoft NTWebServer is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the affected server. Successful attacks will compromise the server and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. SOLUTION: Apply patch. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: InduSoft Web Studio NTWebServer Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42883 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42883/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42883 RELEASE DATE: 2011-01-13 DISCUSS ADVISORY: http://secunia.com/advisories/42883/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42883/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42883 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in InduSoft Web Studio, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is reported in version 7.0. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. Use a different web server. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Jeremy Brown. ORIGINAL ADVISORY: InduSoft: http://www.indusoft.com/blog/?p=337 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SAP Kernel is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information. Information obtained may aid in further attacks and facilitate access to other services. The issue affects the following: SAP Kernel 6.40 7.00, 7.01, 7.10, 7.11, 7.20.

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management interface which listens by default on TCP port 443. While parsing requests sent to the login.php page, the process does not properly sanitize the USERNAME POST parameter. By sending a specially crafted string, a remote attacker can leverage this vulnerability to inject arbitrary SQL into the backend database on the server. Symantec Web Gateway is a Web security gateway hardware appliance. Any SQL. Exploiting this issue could allow an attacker to compromise the device, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. -- Vendor Response: Symantec has issued an update to correct this vulnerability. More details can be found at: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=2011&amp;suid=20110112_00 -- Disclosure Timeline: 2010-09-23 - Vulnerability reported to vendor 2011-01-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * RadLSneak -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Web Gateway Management Interface "USERNAME" SQL Injection SECUNIA ADVISORY ID: SA42878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 RELEASE DATE: 2011-01-14 DISCUSS ADVISORY: http://secunia.com/advisories/42878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Web Gateway, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to compromise a vulnerable system. The vulnerability is reported in version 4.5. Other versions may also be affected. SOLUTION: Update to version 4.5.0.376 or later. PROVIDED AND/OR DISCOVERED BY: RadLSneak via ZDI. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-013/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. Successful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition. Versions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable. Gents, BlackHat Washington DC has just finished, and we wanted to let you know that RIM officially released a patch for the vulnerability found by TEHTRI-Security in BlackBerry devices, and covered during our talk: "Inglourious Hackerds: Targeting Web Clients". To quote RIM web site, the BlackBerry device subsequently terminates the browser, and the browser eventually restarts and displays an error message. What was quite funny is that, with little tweaks (based on incoming User-Agent + sizes of buffers + payloads...) our 0day also worked against HTC Windows, Apple iPhone/iPod (CVE-2010-1752) and Google Android devices, with different kind of results. It's all related to a flaw in the way those devices try to handle HTML codes, based on some concepts taken from the HTTP RFC directly... To avoid the spread of annoying exploits, that would target customers of Google, RIM, Apple & HTC, we only shared some information with the vendors and during the BlackHat DC event, but our slides on BlackHat.com will also contain part of information. If you want to go further, here are some useful links: - Official RIM web page dealing with our 0Day: http://www.blackberry.com/btsc/KB24841 - BlackHat Washington DC: https://www.blackhat.com/html/bh-dc-11/bh-dc-11-schedule.html - Mitre CVE Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2599 - Gartner.com Blog Entry about our talk @BHDC: http://blogs.gartner.com/john_pescatore/2011/01/20/if-a-toy-breaks-in-a-work-forest-will-the-toy-vendor-hear-a-noise-and-fix-it/ - NetworkWorld Press Article about our talk @BHDC: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html - TEHTRI-Security Blog: http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html We would like to thanks the security experts of RIM who came to our talk in Washington, and who took time there to share explanations with our attendees in order to show how they mitigated our findings by handling those issues with all the carriers involved worldwide (what an incredible task). On our side, we got technical fun by doing technical penetration tests on those devices, and this is how we found such 0days. We do think that basic tests are not always done properly because of consumerization, money & time issues, etc. Recently, we found 0days against IP Camera surveillance, etc, by doing penetration tests. We live in world where everything has to be clean, beautiful, quick, easy, marketable, and certified. But what about IT Security, while everything gets more and more complex... We now all get Certified non-Ethically Hackable... "Good night, and Good luck." Best regards, Laurent OUDOT, from Washington DC, USA @BlackHatDC Briefings ( http://blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Oudot ) TEHTRI-Security - "This is not a Game." http://www.tehtri-security.com/ http://twitter/tehtris . Gents, If you are a lucky BlackBerry owner, or an administrator of many BB devices, you can do a quick security check of your smartphone(s), by browsing this web page from your device (free quick check): http://tehtris.com/bbcheck For now, this will check for you if you are potentially vulnerable against those exploits: -> Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp http://www.blackberry.com/btsc/KB12577 -> Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security http://www.blackberry.com/btsc/KB24841 -> Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers A workaround for this latest vulnerability (CVE-2011-1290) could be to disable JavaScript, as explained on RIM resources. You should definitely read this: http://www.blackberry.com/btsc/KB26132 Have a nice day, Laurent OUDOT, CEO TEHTRI-Security -- "This is not a game" http://www.tehtri-security.com/ Follow us: @tehtris => Join us for more hacking tricks during next awesome events: - SyScan Singapore (April) -- Training: "Advanced PHP Hacking" http://www.syscan.org/index.php/sg/training - HITB Amsterdam (May) -- Training: "Hunting Web Attackers" http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability. A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. WellinTech KingView 6.53 Contains a heap overflow vulnerability. WellinTech KingView 6.53 of HistorySrv service (777/tcp) Crafted Flink and Blink When processing pointers A heap overflow vulnerability exists. Attack code using this vulnerability has been released.WellinTech KingView Service disruption by a third party with access to (DoS) An attacker may be attacked or execute arbitrary code with user privileges. KingView is the configuration software in the HMI / SCADA series products produced by Beijing Yakong. This software is mainly used for process control and management monitoring of industrial automation. The software is deployed on the Windows operating system platform, and the 777 service port is opened for historical data synchronization. Because its 777 service port listening process, HistorySvr.exe, does not have adequate security controls in the process of processing data, an attacker can cause the service to crash or achieve overflow by sending a specially constructed data packet to the service port to gain operating system host management permissions. If you further guess the KingView 6.53 management system username and password installed on the host, you will directly gain control of the industrial system associated with it. KingView is prone to a heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. KingView 6.53 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: KingView HistorySvr Service Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42851 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42851/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42851 RELEASE DATE: 2011-01-11 DISCUSS ADVISORY: http://secunia.com/advisories/42851/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42851/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42851 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in KingView, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 6.53. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Dillon Beresford OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. Cisco IOS Run on CallManager Express There is a service disruption (DoS) There is a vulnerability that becomes a condition. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCta63555. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&amp;bugId=CSCsq24002. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. SOLUTION: Update to Cisco IOS version 15.0(1)XA5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. The problem is Bug ID CSCso05336 It is a problem.By a third party IRC Service disruption via connection to server (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA are vulnerable. This issue being tracked by Cisco bug ID CSCso05336. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This vulnerability is related to \"broken magic value\". ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------