VARIoT IoT vulnerabilities database

The SAP GUI is a graphical user interface client for SAP software. An attacker can build a saplogon.ini file containing a specially crafted label that overwrites the files on the user's upgrade server, causing a buffer overflow when the user installs the upgrade. Successful exploitation of a vulnerability can execute arbitrary code in the context of an application. SAP GUI is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attacks will cause denial-of-service conditions

The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685. Cisco IOS of PKI Because the feature does not prevent the use of a persistent cache for a particular public key, there are vulnerabilities that are bypassed for authentication or otherwise unaffected. The problem is Bug ID CSCth82164 Is the problem of CVE-2010-4685 Is a different vulnerability.Keys that have been disabled from valid IKE Through peer relationships, authentication can be bypassed or other details can be affected. Cisco IOS is prone to a security-bypass vulnerability. Exploiting this issue can allow attackers to bypass certain security restrictions. Cisco IOS 15.0 and 15.1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Cisco IOS OCSP Revoked Certificate Security Issue SECUNIA ADVISORY ID: SA44363 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44363/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44363 RELEASE DATE: 2011-04-27 DISCUSS ADVISORY: http://secunia.com/advisories/44363/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44363/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44363 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error in the OCSP functionality and can lead to a revoked certificate being successfully authenticated. SOLUTION: Update to versions 15.1(1)S1 or 15.1(2)T2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver has an input validation error, and the input to the \"sort\", \"numPerPage\", \"page\", \"lastPage\", \"numPerpageb\", \"pageb\" and \"direction\" parameters passed to MessagingSystem/monitor/monitor.jsp is returned. The lack of filtering by users can lead to cross-site scripting attacks. The user lacks filtering before and can execute arbitrary HTML and script code on the target user's browser. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SAP NetWeaver Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44187 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) Alexandr Polyakov, Digital Security Research Group 2) Dmitriy Evdokimov, Digital Security Research Group ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1443367 https://service.sap.com/sap/support/notes/1490335 Digital Security Research Group (DSECRG-11-015, DSECRG-11-016): http://dsecrg.com/pages/vul/show.php?id=315 http://dsecrg.com/pages/vul/show.php?id=316 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Oracle has released advance notification regarding the April 2011 Critical Patch Update (CPU) to be released on April 19, 2011. The update addresses 73 vulnerabilities affecting the following software: Oracle Database Oracle Fusion Middleware Oracle Application Server Oracle Identity Management Oracle JRockit Oracle Outside In Technology Oracle WebLogic Server Oracle E-Business Suite Oracle Agile Technology Platform Oracle PeopleSoft Enterprise CRM Oracle PeopleSoft Enterprise ELS Oracle PeopleSoft Enterprise HRMS Oracle PeopleSoft Enterprise Portal Oracle PeopleSoft Enterprise People Tools Oracle JD Edwards OneWorld Tools Oracle JD Edwards EnterpriseOne Tools Oracle Siebel CRM Core Oracle InForm Oracle Sun Product Suite Oracle Open Office StarOffice/StarSuite Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. This BID is being retired. The following individual records exist to better document the issues: 46031 OpenOffice Multiple Remote Code Execution Vulnerabilities 46091 Oracle Java Floating-Point Value Denial of Service Vulnerability 46387 Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability 46388 Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability 46391 Oracle Java SE and Java for Business Java Runtime Environment CVE-2010-4454 Remote Vulnerability 46393 Oracle Java SE and Java for Business CVE-2010-4468 Remote Java Runtime Environment Vulnerability 46394 Oracle Java SE and Java for Business Remote Code Execution Vulnerability 46395 Oracle Java SE and Java for Business CVE-2010-4467 Remote Java Runtime Environment Vulnerability 46397 Oracle Java SE and Java for Business CVE-2010-4450 Remote Java Runtime Environment Vulnerability 46398 Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability 46399 Oracle Java SE and Java for Business CVE-2010-4471 Remote Security Vulnerability 46403 Oracle Java SE and Java for Business CVE-2010-4473 Remote Java Runtime Environment Vulnerability 46404 Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability 46406 Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability 46767 Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability 47171 Oracle Solaris CVE-2011-0412 Password Hash Local Information Disclosure Weakness 47429 Oracle Database Server CVE-2011-0792 Remote Oracle Warehouse Builder Vulnerability 47430 Oracle Database CVE-2011-0806 Network Foundation Remote Vulnerability 47431 Oracle Database Server CVE-2011-0799 Remote Warehouse Builder Vulnerability 47432 Oracle Database Server CVE-2011-0804 Remote Database Vault Vulnerability 47434 Oracle E-Business Suite CVE-2011-0809 Web ADI Remote Vulnerability 47435 Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability 47436 Oracle Database Server CVE-2011-0793 Remote Database Vault Vulnerability 47437 Oracle Outside In Technology Microsoft CAB File Parsing Remote Code Execution Vulnerability 47438 Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability 47439 Oracle PeopleSoft Enterprise HRMS CVE-2011-0853 Remote PeopleSoft Enterprise HRMS Vulnerability 47440 Oracle E-Business Suite CVE-2011-0797 Applications Install Remote Vulnerability 47441 Oracle Database Server CVE-2011-0805 Remote UIX Vulnerability 47442 Oracle PeopleSoft Enterprise HRMS CVE-2011-0854 Remote PeopleSoft Enterprise HRMS Vulnerability 47443 Oracle Database Server CVE-2011-0785 Remote Oracle Help Vulnerability 47444 Oracle Sun Solaris 11 Express CVE-2011-0841 Remote Vulnerability 47445 Oracle PeopleSoft Enterprise HRMS CVE-2011-0858 Remote Talent Acquisition Manager Vulnerability 47446 Oracle E-Business Suite CVE-2011-0791 Remote Application Object Library Vulnerability 47448 Oracle PeopleSoft Enterprise HRMS CVE-2011-0857 Remote PeopleSoft Enterprise HRMS Vulnerability 47449 Oracle E-Business Suite CVE-2011-0796 Applications Install Local Vulnerability 47450 Oracle Sun Solaris CVE-2011-0800 Local Vulnerability 47451 Oracle Enterprise Manager Grid Control CVE-2011-0787 Remote Security Vulnerability 47452 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0825 Remote Vulnerability 47453 Oracle PeopleSoft Enterprise HRMS CVE-2011-0859 Remote Global Payroll North America Vulnerability 47454 Oracle Supply Chain Product CVE-2011-0837 Remote Agile Technology Platform Vulnerability 47455 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0824 Remote Vulnerabilty 47456 Oracle Peoplesoft Enterprise CVE-2011-0826 Remote Vulnerability 47459 Oracle PeopleSoft Enterprise HRMS CVE-2011-0860 Remote Global Payroll Spain Vulnerability 47460 Oracle PeopleSoft Enterprise CRM CVE-2011-0850 Remote Vulnerability 47461 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0803 Remote Vulnerability 47462 Oracle PeopleSoft CVE-2011-0828 Remote PeopleSoft Enterprise Vulnerability 47463 Oracle Portal CVE-2011-0798 Remote Security Vulnerability 47464 Oracle JD Edwards OneWorld Tools CVE-2011-0818 Remote Vulnerability 47465 Oracle PeopleSoft Enterprise CVE-2011-0827 Remote Vulnerability 47466 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0819 Remote Vulnerability 47467 Oracle PeopleSoft Enterprise ELS CVE-2011-0851 Remote Vulnerability 47468 Oracle JD Edwards OneWorld Tools CVE-2011-0823 Remote Vulnerability 47469 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0810 Remote Vulnerability 47470 Oracle PeopleSoft CVE-2011-0861 Remote PeopleSoft Enterprise HRMS Vulnerability 47471 Oracle PeopleSoft CVE-2011-0840 Remote PeopleSoft Enterprise PeopleTools Vulnerability 47472 Oracle Peoplesoft Enterprise CVE-2011-0856 Remote Vulnerability 47473 Oracle InForm CVE-2011-0855 Remote Vulnerability 47475 Oracle Application Server CVE-2011-0795 Remote Security Vulnerability 47476 Oracle Sun Solaris CVE-2011-0829 Local Vulnerability 47477 Oracle Solaris CVE-2011-0812 Local Solaris Vulnerability 47478 Oracle Solaris CVE-2011-0839 Local Solaris Vulnerability 47479 Oracle Oracle JD Edwards EnterpriseOne and OneWorld Tools CVE-2011-0836 Remote Vulnerability 47480 Oracle Solaris CVE-2011-0820 Remote Kernel Vulnerability 47481 Oracle OpenSSO & Java System Access Manager CVE-2011-0847 Remote Vulnerability 47483 Oracle Java Dynamic Management Kit CVE-2011-0849 Remote Vulnerability 47484 Oracle Siebel CVE-2011-0833 Remote Siebel CRM Core Vulnerability 47486 Oracle Siebel CVE-2011-0834 Remote Siebel CRM Core Vulnerability 47487 Oracle Java System Access Manager Policy Agent CVE-2011-0846 Remote Web Proxy Agent Vulnerability 47488 Oracle Siebel CVE-2011-0843 Remote Siebel CRM Core Vulnerability 47489 Oracle Application Server CVE-2011-0789 Remote Security Vulnerability 47490 Oracle OpenSSO & Java System Access Manager CVE-2011-0844 Remote Vulnerability 47491 Oracle Solaris CVE-2011-0801 Local Vulnerability 47492 Oracle Solaris CVE-2011-0813 Local Kernel Vulnerability 47493 Oracle Sun Solaris CVE-2011-0821 Local Vulnerability 47494 Oracle Solaris CVE-2011-0790 Local Vulnerability

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port. Tor is prone to an information disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information to launch further attacks. Versions prior to Tor 0.2.2.24 are vulnerable

The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for authenticating users. The GernalUtilities.pm file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication. This issue may allow websites to bypass certain security restrictions and gain access to potentially sensitive information. This issue was introduced in McAfee Firewall Reporter 5.1.0.6. ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-117 April 11, 2011 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: McAfee -- Affected Products: McAfee Firewall Reporter -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10522. -- Vendor Response: McAfee states: Fixed February 9, 2011 Bulletin modified April 11, 2011: https://kc.mcafee.com/corporate/index?page=content&id=SB10015 -- Disclosure Timeline: 2010-09-22 - Vulnerability reported to vendor 2011-04-11 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Andrea Micalizzi aka rgod -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: McAfee Firewall Reporter Web Interface Security Bypass Vulnerability SECUNIA ADVISORY ID: SA44110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44110 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in McAfee Firewall Reporter, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is reported in version 5.1.0.6. SOLUTION: Update to version 5.1.0.13. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod) via ZDI ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10015 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-117/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location. Multiple routers provided by Yamaha contain a denial-of-service vulnerability. Multiple routers provided by Yamaha contain a denial-of-service (DoS) vulnerability due to an issue in processing IP packets. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may cause a denial-of-service (DoS). The Yamaha RT Series Router is a high speed broadband router device. A security vulnerability exists in the Yamaha RT series router when parsing IP packets, allowing an attacker to perform a denial of service attack on the device. Successful exploits will cause the device to crash, denying service to legitimate users. ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Yamaha RT Series Routers IP Header Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44087 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44087/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44087 RELEASE DATE: 2011-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/44087/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44087/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44087 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Yamaha RT Series Routers, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when parsing certain IP header options and can be exploited to cause a device to reboot via a specially crafted packet. Please see the vendor's advisory for the list of affected products and versions. SOLUTION: Update to a fixed firmware version if available or restrict access to trusted hosts only. Please see the vendor's advisory for more details. ORIGINAL ADVISORY: Yamaha: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html JVN: http://jvn.jp/en/jp/JVN55714408/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. Pure-FTPd in SUSE is prone to a local insecure-file-permissions vulnerability. A local attacker can exploit this issue to overwrite certain files. This may lead to privilege escalation; other attacks may also be possible. ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE pure-ftpd Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA44039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44039 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has acknowledged a vulnerability in the pure-ftpd package for SUSE Linux Enterprise Server, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error related to a world-writable folder created by the "OES pure-ftpd Netware extensions", which can be exploited to manipulate system files and gain escalated privileges. Further information is currently not available. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SUSE-SU-2011:0306-1: https://hermes.opensuse.org/messages/7849430 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

vtiger CRM is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.

Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Password Vault Web Access (PVWA) provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access (PVWA) is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability.An arbitrary script may be executed on the web browser of an user who is logged on. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Cyber-Ark PIM Suite Password Vault Web Access Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA44058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44058 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cyber-Ark PIM Suite, which can be exploited by malicious people to conduct cross-site scripting attacks. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN11424086/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000023.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Fiberhome HG-110 is an ADSL router device. The Fiberhome HG-110 has a cross-site scripting attack that can lead to the disclosure of sensitive information or unauthorized access to system sensitive files. Fiberhome HG-110 is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and other harvested information, which may aid in launching further attacks. Fiberhome HG-110 firmware 1.0.0 is vulnerable other versions may also be affected

tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option. Local attackers may exploit this issue to gain elevated privileges; other attacks may also be possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2212-1 security@debian.org http://www.debian.org/security/ Nico Golde April 7, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tmux Vulnerability : privilege escalation Problem type : local Debian-specific: yes CVE ID : CVE-2011-1496 Debian bug : 620304 Daniel Danner discovered that tmux, a terminal multiplexer, is not properly dropping group privileges. The oldstable distribution (lenny) is not affected by this problem, it does not include tmux. For the stable distribution (squeeze), this problem has been fixed in version 1.3-2+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 1.4-6. For the testing distribution (sid), this problem has been fixed in version 1.4-6. We recommend that you upgrade your tmux packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2eFbcACgkQHYflSXNkfP/NsgCfcy8X81nTclGCQSWTXxX1/wDF o3kAnR7KmINuzH+MnbAls9Vf8Ewib/Bc =jUL0 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for tmux SECUNIA ADVISORY ID: SA44081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44081 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tmux. The security issue is caused due to the application not dropping group privileges and can be exploited to perform certain actions using permissions of the "tmux" group. SOLUTION: Apply updated packages via the apt-get package manager. PROVIDED AND/OR DISCOVERED BY: Reported by Daniel Danner in a Debian bug report. ORIGINAL ADVISORY: DSA-2212-1: http://www.debian.org/security/2011/dsa-2212 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter. The device is produced by ZyXEL, it seems it has no other name than the brand "O2 DSL Router Classic". As an example, the form at /Forms/PortForwarding_Edit_1 accepts javascript code for the parameter PortRule_Name, which will be permanently stored. Also, the form has no protection against CSRF. A sample code that will inject permanent javascript when called by a user who is logged into his router: <form id="form1" method="post" action="http://192.168.1.1/Forms/PortForwarding_Edit_1"> <input name="PortRule_Name" value='"><script>alert(7)</script>'> <input name="PortRule_SPort" value="77"> <input name="PortRule_EPort" value="77"> <input name="PortRule_SrvAddr" value="10.0.0.1" > <script> var frm = document.getElementById("form1"); frm.submit(); </script> This is just an example, all forms in the router interface are vulnerable to CSRF and, if they accept text input, to XSS. The vulnerability has been disclosed to O2 in advance without any reply. Disclosure Timeline 2011-02-03: Vendor contacted 2011-04-07: Published advisory This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of schokokeks.org webhosting

The O2 DSL Router Classic is a router. O2 DSL Router Classic has a cross-site request forgery vulnerability. An attacker could exploit the vulnerability to execute arbitrary instructions in the context of a user session. This may aid in other attacks. Other attacks are also possible

vtiger CRM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine. A remote attacker can exploit this issue through a rogue DHCP server. Depending on the script and OS, this can result in execution of exploit code on the client. CVSS Score: 6.8 (AV:A/AC:L/Au:N/C:P/I:N/A:C) For more information on CVSS scores, visit http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 Workarounds: On SUSE systems, it is possible to disable hostname update by setting DHCLIENT_SET_HOSTNAME="no" in /etc/sysconfig/network/dhcp. Other systems may add following line to dhclient-script at the beginning of the set_hostname() function: new_host_name=${new_host_name//[^-.a-zA-Z0-9]/} In environments where filters/acls can be put into place to limit clients to accessing only legitimate dhcp servers, this will protect clients from rogue dhcp servers deliberately trying to exploit this bug. However, this will not protect from compromised servers. Active exploits: None known at this time. https://www.isc.org/downloads/all No patch is available for 4.0.x as it is EOL. Anyone running 4.1.x should upgrade to 4.1-ESV-R2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2216-1 security@debian.org http://www.debian.org/security/ Nico Golde April 10, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : isc-dhcp Vulnerability : missing input sanitization Problem type : remote Debian-specific: no CVE ID : CVE-2011-0997 Debian bug : 621099 Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. For the oldstable distribution (lenny), this problem has been fixed in additional update for dhcp3. For the stable distribution (squeeze), this problem has been fixed in version 4.1.1-P1-15+squeeze2. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 4.1.1-P1-16.1. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2iJ1AACgkQHYflSXNkfP8fEwCglH3YEMa8hlo7ChGFlvT7K9v5 BMcAoIuGqJofENG1o5SiXU1/E9qEF/Am =5Q/C -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ISC DHCP: Denial of Service Date: January 09, 2013 Bugs: #362453, #378799, #393617, #398763, #428120, #434880 ID: 201301-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service. Background ========== ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/dhcp < 4.2.4_p2 >= 4.2.4_p2 Description =========== Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. Resolution ========== All ISC DHCP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.2.4_p2" References ========== [ 1 ] CVE-2011-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0997 [ 2 ] CVE-2011-2748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2748 [ 3 ] CVE-2011-2749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2749 [ 4 ] CVE-2011-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4539 [ 5 ] CVE-2011-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4868 [ 6 ] CVE-2012-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3570 [ 7 ] CVE-2012-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3571 [ 8 ] CVE-2012-3954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3954 [ 9 ] CVE-2012-3955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3955 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201301-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available and addresses the following: Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses Description: dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script. CVE-ID CVE-2011-0997 : Sebastian Krahmer and Marius Tomaschewski of the SUSE Security Team working with ISC Installation note for Firmware version 7.6 Firmware version 7.6 is installed into Time Capsule or AirPort Base Station with 802.11n via AirPort Utility, provided with the device. It is recommended that AirPort Utility 5.5.3 or later be installed before upgrading to Firmware version 7.6. ========================================================================== Ubuntu Security Notice USN-1108-2 April 19, 2011 dhcp3 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 9.10 Summary: An attacker's DHCP server could send crafted responses to your computer and cause it to run programs as root. Software Description: - dhcp3: DHCP Client Details: USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. Original advisory details: Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: dhcp3-client 3.1.3-2ubuntu6.2 Ubuntu 10.04 LTS: dhcp3-client 3.1.3-2ubuntu3.2 Ubuntu 9.10: dhcp3-client 3.1.2-1ubuntu7.3 In general, a standard system update will make all the necessary changes. References: CVE-2011-0997 Package Information: https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu6.2 https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu3.2 https://launchpad.net/ubuntu/+source/dhcp3/3.1.2-1ubuntu7.3 . ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: ISC DHCP "dhclient" Response Processing Input Sanitation Vulnerability SECUNIA ADVISORY ID: SA44037 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44037 RELEASE DATE: 2011-04-07 DISCUSS ADVISORY: http://secunia.com/advisories/44037/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44037/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44037 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to compromise a vulnerable system. This can be exploited to submit shell commands to the "dhclient-script" script via e.g. a specially crafted "hostname" response. The vulnerability is reported in versions 3.0.x through 4.2.x. SOLUTION: Update to version 3.1-ESV-R1 and 4.1-ESV-R2 or 4.2.1-P1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Sebastian Krahmer and Marius Tomaschewski, SUSE Security Team. ORIGINAL ADVISORY: https://www.isc.org/software/dhcp/advisories/cve-2011-0997 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.diff.gz Size/MD5: 68426 b4a36d1b44e8276211cef0b9bfbb6ea5 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.dsc Size/MD5: 1428 2fe76544defdfa3d4ab61d548ea5bc03 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3.orig.tar.gz Size/MD5: 870240 f91416a0b8ed3fd0601688cf0b7df58f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_amd64.deb Size/MD5: 221524 2cc3c7815cb6e6a2cc21d0c2a6286202 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_amd64.deb Size/MD5: 454060 4d6e00d001d85359af4777316c012038 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_amd64.deb Size/MD5: 131252 bf862b9ce2cc9888f9e617f42c0d8f77 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_amd64.deb Size/MD5: 321024 383390887daadd122e7e66a9896e0432 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_amd64.udeb Size/MD5: 177440 04a6bc2b53da66245b8b79b71d8f82ed http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_amd64.deb Size/MD5: 105842 9616c95d8f2d487fd330fb9b33c58474 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_i386.deb Size/MD5: 196930 ebaee96958395481e8c9c25a6591c1a3 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_i386.deb Size/MD5: 431162 6fec8eaee0c753e95193f507e3c2c1eb http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_i386.deb Size/MD5: 117544 76fd573dc96ade71033c31e9965a1ede http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_i386.deb Size/MD5: 289684 8d0c386dc142ca3e69766e26fa6ced00 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_i386.udeb Size/MD5: 152296 98cdda8ba797a8f3532e2db2c95f5329 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_i386.deb Size/MD5: 94176 369f369a8fd6b58df3e293a5264c8047 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_powerpc.deb Size/MD5: 203612 da623d9e1694169cfc1de56f2e0df6e4 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_powerpc.deb Size/MD5: 435818 a6f18c0a5083885f0f3ad270a52f1ea9 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_powerpc.deb Size/MD5: 130290 8ed50d04b1c91276b0bdf19b3cda3fcd http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_powerpc.deb Size/MD5: 297742 95b7742e4fb7c4720add03965ef51b45 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_powerpc.udeb Size/MD5: 158466 61e6403a4a5db1783c43fbfe6ad74e8c http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_powerpc.deb Size/MD5: 96696 a7d275b7895e47d8141fab29a3db415b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_sparc.deb Size/MD5: 200826 04fe774f2349b12af88465a96a4443b4 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_sparc.deb Size/MD5: 434238 c71c8b52f5324385d13e3610e7bef30e http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_sparc.deb Size/MD5: 126784 ca67a9bd308dfb73bf85906f53e8ae6b http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_sparc.deb Size/MD5: 294084 628696dfa6a0c9a2713b7fde4390d700 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_sparc.udeb Size/MD5: 156068 907d41b490e6155c580b83cec96e3f71 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_sparc.deb Size/MD5: 96810 d1559518c2fc467cf6244ee8cd29176b Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.diff.gz Size/MD5: 97783 a2e0e7077df662a15c039c462ecd8e3d http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.dsc Size/MD5: 1537 ccf77a9747dc8cbc6b65e0d94ab9c43b http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg.orig.tar.gz Size/MD5: 724045 e89ef34005c576ddbb229e3b4478f6e2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_amd64.udeb Size/MD5: 180140 9b8c326a22be742b43e2b8d9b07d4f86 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_amd64.deb Size/MD5: 242126 8053c2330e512d48f0318af10079c50a http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_amd64.deb Size/MD5: 300696 15bbfae5ba97f27d0c896b886773f02b http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_amd64.deb Size/MD5: 124032 82fe33e521c7ee08b7a00596acc8cb8d http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_amd64.deb Size/MD5: 342596 40acd4d59e72be79a5c930254bee0223 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_amd64.deb Size/MD5: 114396 5e5c7a86cec5ef70f927cbf53fffec4d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_i386.udeb Size/MD5: 159988 7c2cd082adad4cdae500b88b9429ea24 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_i386.deb Size/MD5: 221966 92748d084525779ad31fe09ae76ca8d5 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_i386.deb Size/MD5: 281564 0e64a350c9599b473f42949dbaa44533 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_i386.deb Size/MD5: 109818 5ef8d14534865cdf0b63699e54ab684a http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_i386.deb Size/MD5: 318748 205746468ea8d58f1babe96c28f46983 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_i386.deb Size/MD5: 103376 15e19ab3867304e29f59f3e97170f145 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_lpia.udeb Size/MD5: 158248 1ce010480a0ea9a1a8683995ab5c9b68 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_lpia.deb Size/MD5: 220236 d0c1551dde51da5503fe3be6288a23bb http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_lpia.deb Size/MD5: 279790 cf35fa8aaca649fd85366e684628a580 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_lpia.deb Size/MD5: 109062 d1ff75192f05906028ac9001483529da http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_lpia.deb Size/MD5: 316576 6f95deb3879a7c38c0f9cd1ba1ff0228 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_lpia.deb Size/MD5: 102310 d4b1c32f8c1d1a6383fc09580e46ec79 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_powerpc.udeb Size/MD5: 177278 29a10d5d08bc3797b67770a4028758ff http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_powerpc.deb Size/MD5: 242046 27324a8f5623a94ff813148a5267fb4b http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_powerpc.deb Size/MD5: 296498 4b8af066dc6c2481e4ff360800c04e74 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_powerpc.deb Size/MD5: 122548 9ad8db4fbd23f1760d1bc123b01f014b http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_powerpc.deb Size/MD5: 341860 28075deaecbdc1d77166dcb1623a8c85 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_powerpc.deb Size/MD5: 112934 766413326d6486146da4aec03a2654bc sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_sparc.udeb Size/MD5: 156574 742d54969d6dd68e7ac86ca00e1b1832 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_sparc.deb Size/MD5: 218754 60013fe472200e1bf45d9b02d80a244e http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_sparc.deb Size/MD5: 277066 bf1034124c51ddacf732c2887957a46e http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_sparc.deb Size/MD5: 113494 b50639e27d92c0ababba9fab23242d7d http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_sparc.deb Size/MD5: 313426 b93d5ec9d7ea9717a79d6bf2bb80a285 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_sparc.deb Size/MD5: 102930 df99654fbd9e6f5aba7f962adb9d6470 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.diff.gz Size/MD5: 141611 0cab5bee752928f3c9f0c8e1ded26167 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.dsc Size/MD5: 1955 a26905456538cd0d30e924e488302fc4 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2.orig.tar.gz Size/MD5: 799626 85901a9554650030df7d1ef3e5959fdf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.2-1ubuntu7.2_all.deb Size/MD5: 26206 905e286082551fcbc23916052de7e2fa amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_amd64.udeb Size/MD5: 208604 5bb8643607d5f416205174f97d443e8e http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_amd64.deb Size/MD5: 270930 fa0267775f2471f0be30499bf121b6e7 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_amd64.deb Size/MD5: 332152 ee101e67b7ad97bd410e983da115484d http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_amd64.deb Size/MD5: 127130 0d4b4a1dc992d56f8c01d94990290910 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_amd64.deb Size/MD5: 395062 a5ab658903283a97dd658e5cdfe6a45e http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_amd64.deb Size/MD5: 125444 6f12bfb86b46567aa8e2ecba8af1852e http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_amd64.deb Size/MD5: 348242 8fe33e4a7afac6d5a952d0c158d7ed45 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_i386.udeb Size/MD5: 191210 64285abd7e68c517eefcf3ff5eecb909 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_i386.deb Size/MD5: 252916 749769cec2a5d0cdfe5ddb67e6864270 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_i386.deb Size/MD5: 315850 e0deb4932a763831adc3e73cf0f068fa http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_i386.deb Size/MD5: 116650 434d9e26a1b3b5a4b5fd94bea2c581b4 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_i386.deb Size/MD5: 372288 481d9d80e948895969b72be4b825fbb8 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_i386.deb Size/MD5: 116424 49010850bef64719353588c5d88e6714 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_i386.deb Size/MD5: 326174 7f328cba4c811d5d56582328f1ad6b1d armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_armel.udeb Size/MD5: 174400 4ed674aa3f13c4c4012def78b6cfd62f http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_armel.deb Size/MD5: 236228 c14a8f75dc70e363afb2e39b9b6c9b68 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_armel.deb Size/MD5: 300026 8183f7371713d8ddc8bd2b8f8d979794 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_armel.deb Size/MD5: 112806 41dcceea5abd7feac4f1f7465b3892b7 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_armel.deb Size/MD5: 349366 ea2f47d49b065c252caeb33d9d273363 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_armel.deb Size/MD5: 108672 f277fadf0e50c5325b20f8001f30108a http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_armel.deb Size/MD5: 301210 76887fde4612e80131c94a00b328a874 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_lpia.udeb Size/MD5: 187330 e70af0ba0633b7a10c666f2f2e30b017 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_lpia.deb Size/MD5: 249154 bde848f0444ac204f0781d848771b2e7 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_lpia.deb Size/MD5: 312056 e131e50d9159fb5a7cf92bd7532c6d5b http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_lpia.deb Size/MD5: 115610 6bf9bc6ccc3986f7bda77f6e0929bd2b http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_lpia.deb Size/MD5: 368276 a5d4ce07f31b702817fb3d3961fd8a7b http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_lpia.deb Size/MD5: 114588 d030b6a51bf6eb1b682c88fcfc92cdda http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_lpia.deb Size/MD5: 321710 5c51aac0b4ea78167072cce854d63f47 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_powerpc.udeb Size/MD5: 199998 aff548b71963695089f418a502bc5e01 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_powerpc.deb Size/MD5: 262344 a4799a7b4c6d6d91120ef36537485080 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_powerpc.deb Size/MD5: 324014 c6be94d8dda2d47ea08c3f1277160eda http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_powerpc.deb Size/MD5: 120394 4b35e8aa5a363a659daa6232a0a76501 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_powerpc.deb Size/MD5: 382434 9c71333d4f8ccc12d14996fa42ba60b7 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_powerpc.deb Size/MD5: 120310 32c5affaeb955349a26cae2bd9c92236 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_powerpc.deb Size/MD5: 335902 5460f8f32a30489940cf69855983ed3c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_sparc.udeb Size/MD5: 203458 038c030a32c3d74e3d20cb4f8eaf5336 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_sparc.deb Size/MD5: 265862 67e06c4f7f5352a3248060245f41837c http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_sparc.deb Size/MD5: 324634 873eeaf81f86f69e1de8f2c9c2335fda http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_sparc.deb Size/MD5: 116874 4583b6c0cd5cf6abf8fc81ae1c5656a2 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_sparc.deb Size/MD5: 387388 d31379a7fe21d36761ce6d6e01d51ba7 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_sparc.deb Size/MD5: 121616 62ed8721ad7cfe9f45448c321be12340 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_sparc.deb Size/MD5: 341160 9e72b31fccc6ca7d33fcf814f7cca8be Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.diff.gz Size/MD5: 145049 762c8d99c1e8e1245830ff0cfc9c22cf http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.dsc Size/MD5: 1950 6fc0ed0a5f2f2897b25cb127fdf599bb http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3.orig.tar.gz Size/MD5: 804097 6ee8af8b283c95b3b4db5e88b6dd9a26 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu3.1_all.deb Size/MD5: 27294 5873371bf57e765fd69a49ab238f7f5f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_amd64.udeb Size/MD5: 208924 47388e6df5a8a88758f893f0157f7a49 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_amd64.deb Size/MD5: 273438 3e968127e7212b682e23422ccd498a51 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_amd64.deb Size/MD5: 335524 c2231ce6ce81fa1a61f33b50879ea8e7 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_amd64.deb Size/MD5: 127748 31baa39d20b53e7200b146bb5e1dbc7a http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_amd64.deb Size/MD5: 396594 05f2652d1223dbbf59bcfdb86503ec81 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_amd64.deb Size/MD5: 126830 2017ee773f9e4c4136e6604003978a72 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_amd64.deb Size/MD5: 349758 3a07e9f0c5b36e05024e98f2e01e7a36 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_i386.udeb Size/MD5: 191468 7efe2e4b59392afda8ef1c8d69aa04cd http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_i386.deb Size/MD5: 256600 1b24883c7ee056fcbcda20cc1d82673e http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_i386.deb Size/MD5: 318512 8ad3080333f5d86ad40548de9cfced43 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_i386.deb Size/MD5: 118816 c679db32ae992ca9f6fc5473e81df94a http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_i386.deb Size/MD5: 376744 e3b708777fcd15c84240e43bf08b5d7e http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_i386.deb Size/MD5: 117698 b0dfb728d6d9f69c9af3910744b1fbb8 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_i386.deb Size/MD5: 328168 617edc965494055443d2c43326c411d7 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_armel.udeb Size/MD5: 180926 3969ae580d52c38b45d63ac388cbbe4d http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_armel.deb Size/MD5: 246116 4956ee0ca5be72ee8ece1cd89ccf5082 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_armel.deb Size/MD5: 309348 c8567f86659a5670b6c7167a106bf71a http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_armel.deb Size/MD5: 115350 023f49615f6ca0a8f2367e816921fa8d http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_armel.deb Size/MD5: 361242 b8e92e0d7ee35dccf62349627513b3d5 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_armel.deb Size/MD5: 113136 ecc1eca1107bf3d2a85145c87800f0a9 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_armel.deb Size/MD5: 314078 a09784b9e5545593b771e8db596b70ad powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_powerpc.udeb Size/MD5: 200432 0db5e288252f7cec9511aeedd6328a87 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_powerpc.deb Size/MD5: 265410 78eb3d25b509d5d3669a33bf8603b0df http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_powerpc.deb Size/MD5: 327180 9d47f9f6bd35ebd5e53e68ff8cf27473 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_powerpc.deb Size/MD5: 121552 7d955d50534795154e471aea30341fe1 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_powerpc.deb Size/MD5: 385370 dd7f5ffd85a725a8cb4f8fe6a067d0bb http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_powerpc.deb Size/MD5: 121446 0ccdd1ca74fcd96be84596ce324f967e http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_powerpc.deb Size/MD5: 337410 54549752057dc73a3e35a158b871ea36 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_sparc.udeb Size/MD5: 212712 be3c531c2fffd6ad83501e44015a3532 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_sparc.deb Size/MD5: 277974 5a9ee5790cc705c845cd085c71d001b5 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_sparc.deb Size/MD5: 335174 22b404e90f206772c786f968392ecef1 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_sparc.deb Size/MD5: 121764 97643d01dd5dd3eb06859cb881312e6d http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_sparc.deb Size/MD5: 402564 889e3a0882bebb5b4ceb4df3c805d883 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_sparc.deb Size/MD5: 126888 546ab5281e2ba4672471a30fce814e36 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_sparc.deb Size/MD5: 353712 64fcbf89ca8fd7af9aa2a9bd66739170 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.diff.gz Size/MD5: 151417 604106743c8429a59b9b8af55de854f7 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.dsc Size/MD5: 1962 792f947b2a6c3020c45ca1b56771c77e http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3.orig.tar.gz Size/MD5: 804097 6ee8af8b283c95b3b4db5e88b6dd9a26 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu6.1_all.deb Size/MD5: 27778 319b0ce429e455b13a2248cc2cbe3491 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_amd64.udeb Size/MD5: 208588 f4d4d2a63016b2b9960654be7c04b9c5 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_amd64.deb Size/MD5: 274192 4005626ae7c8ed06bf15a1e014968ebd http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_amd64.deb Size/MD5: 335392 3f745248ea2b2c54e1771f1789cd13dc http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_amd64.deb Size/MD5: 128922 dc2dd29ead86d887a22da63f27ae9692 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_amd64.deb Size/MD5: 398270 ffd780e99cb19cc3884703ec930a68cb http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_amd64.deb Size/MD5: 126752 a4d3f03e0855ce6ef4cf6a75f33198d1 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_amd64.deb Size/MD5: 349942 430e5e501488da92c3b4e2f2a685912a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_i386.udeb Size/MD5: 190312 23ced3137d0e056d9ce13dd41e656af3 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_i386.deb Size/MD5: 255768 07cfc1c5db7b6d8585e9a00513699049 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_i386.deb Size/MD5: 317854 f9a58ae40c5f2645e17e2a9349f07edf http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_i386.deb Size/MD5: 119094 9af94d26ecd3ce03c9d059ab8db5ff46 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_i386.deb Size/MD5: 376052 2dd5ab42f28d13baab1d332c92fcdbcf http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_i386.deb Size/MD5: 117472 9638997daef5f353621a3adea0f054d5 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_i386.deb Size/MD5: 327368 93d8a202391be7d55484901a7fa00f09 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_armel.udeb Size/MD5: 191162 ea1961dc40672d12302dcb3e0ae62c44 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_armel.deb Size/MD5: 256344 fd6d84d8ca333a1e0cc0efc4c26df7cb http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_armel.deb Size/MD5: 319110 4ed5fb07ce8a4997c1132f96e4c29e39 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_armel.deb Size/MD5: 118586 ade0a8cfa1217ae39ff58bea47e4faa0 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_armel.deb Size/MD5: 377976 7f26e7b4442f8b17b8178fc7b44e6720 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_armel.deb Size/MD5: 118802 ee96894319dbf620dbf981a2493cefa0 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_armel.deb Size/MD5: 328204 3a65c3fb55385716b19bbb6fce72ab07 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_powerpc.udeb Size/MD5: 199526 1a984e2503c1a015134cf94e273b768a http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_powerpc.deb Size/MD5: 264952 7a2139af6f6681dae88cd826c04ce61e http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_powerpc.deb Size/MD5: 326646 8a1aaf899283814de8b8bcca6125576d http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_powerpc.deb Size/MD5: 121952 90719742a1e133ae5edb9c5d6e72ad06 http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_powerpc.deb Size/MD5: 384922 1cb9a8d40d9405b061b28cd2236d3acd http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_powerpc.deb Size/MD5: 121542 81b420f37a81e5a05e5aadeaf1cb47c3 http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_powerpc.deb Size/MD5: 336918 26cba2f6096556526ce2a64556f571e5

The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. NetGear WNAP210 is vulnerable to remote administrator password disclosure and administrative web page login bypass. Netgear ProSafe Wireless Access Point (WNAP210) Has multiple vulnerabilities. Netgear Provided by WNAP210 Has two vulnerabilities. This configuration stores the administrator password in clear text. NETGEAR WNAP210 has a security bypass vulnerability in its implementation. WNAP210 firmware 2.0.12 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: NetGear WNAP210 Backup Disclosure and Authentication Bypass Vulnerabilities SECUNIA ADVISORY ID: SA44045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44045 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Netgear ProSafe Wireless-N Access Point WNAP210, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions. SOLUTION: Update to the latest firmware. Please contact the vendor for more details. PROVIDED AND/OR DISCOVERED BY: Trevor Seward via US-CERT. ORIGINAL ADVISORY: US-CERT VU#644812: http://www.kb.cert.org/vuls/id/644812 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. Netgear ProSafe Wireless Access Point (WNAP210) Has multiple vulnerabilities. Netgear Provided by WNAP210 Has two vulnerabilities. An attacker with a network access device can browse the WEB page http://NetGearDeviceIP/BackupConfig.php, which will prompt the attacker to download the device configuration without any login authentication. Access to the BackupConfig.php script is not properly restricted and can be used to download configuration files for backup and leak administrator passwords. WNAP210 firmware 2.0.12 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: NetGear WNAP210 Backup Disclosure and Authentication Bypass Vulnerabilities SECUNIA ADVISORY ID: SA44045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44045 RELEASE DATE: 2011-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/44045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Netgear ProSafe Wireless-N Access Point WNAP210, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions. SOLUTION: Update to the latest firmware. Please contact the vendor for more details. PROVIDED AND/OR DISCOVERED BY: Trevor Seward via US-CERT. ORIGINAL ADVISORY: US-CERT VU#644812: http://www.kb.cert.org/vuls/id/644812 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password. Dell Kace K2000 Systems Deployment Appliance Contains a vulnerability. Dell Kace K2000 Systems Deployment Appliance Is Windows You are using a file share for installation. This file share has a hidden attribute, Windows Contains files used at startup. Access to this file share is not restricted and may be accessed without authentication. In addition, Dell The following vulnerability information has been released. This hidden, read-only fileshare is populated with pre- and post-installation tasks as well as deployment bootfiles and media used for Windows network operating system installs (called "Scripted Installs") and imaging (called "K-images"). This fileshare is hidden. Dell Kace K2000 is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks

Juniper Networks' Secure Access is an enterprise-class SSL VPN access device running on Juniper IVE OS. There is an unspecified error in the Network Connect Credential Provider implementation provided by Juniper Networks Secure Access, which can be exploited by remote attackers to bypass authentication on Windows 7 and Windows Vista. ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: Juniper IVE Network Connect Credential Provider Security Bypass SECUNIA ADVISORY ID: SA43983 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43983/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43983 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43983/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43983/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43983 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Juniper Networks Secure Access, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Update to version 6.5R9, 7.0R4, or 7.1R1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2011-03-187&viewMode=view OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------