VARIoT IoT vulnerabilities database
| VAR-201011-0285 | No CVE | Fujitsu Interstage Multiple Product IP Address Restriction Bypass Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: LOW |
There are security vulnerabilities in multiple Fujitsu Interstage products that allow malicious users to bypass some security restrictions. When access is restricted by IP, an attacker can exploit the vulnerability to submit requests using impermissible IP addresses, bypassing restrictions, and obtaining sensitive information.
Successful exploits may allow attackers to bypass detection rules; this may aid in further attacks.
Given the nature of this issue, attackers may also be able to access sensitive information. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Fujitsu Interstage Products IP Address Restriction Bypass Security
Issue
SECUNIA ADVISORY ID:
SA42266
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42266/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42266
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42266/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42266/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42266
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in multiple Fujitsu Interstage
products, which can be exploited by malicious people to bypass
certain security restrictions.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-201006e.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0264 | CVE-2010-3909 |
vtiger CRM of config.template.php Vulnerable to arbitrary code execution
Related entries in the VARIoT exploits database: VAR-E-201011-0943 |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree. vtiger CRM is prone to a remote security vulnerability. vtiger CRM is an open source web-based customer relationship management system. There is an incomplete blacklist vulnerability in the config.template.php file in vtiger CRM versions prior to 5.2.1. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42246
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42246/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42246/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42246/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been discovered in vtiger CRM, which can be
exploited by malicious users to compromise a vulnerable system and by
malicious people to conduct cross-site scripting attacks and disclose
sensitive information.
1) An error exists in the file upload functionality due to the emails
module not properly checking file names and extensions. This can be
exploited to upload and execute arbitrary PHP code e.g. via ".phtml"
files.
2) Input passed e.g. via the "lang_crm" parameter to phprint.php or
the "current_language" parameter to graph.php is not properly
verified in the "return_application_language()" function in
include/utils/utils.php before being used to include files. This can
be exploited to include arbitrary file from local resources via
directory traversal sequences and URL-encoded NULL bytes.
Successful exploitation of this vulnerability requires that
"magic_quotes_gpc" is disabled.
3) Input passed via the "user_name" and "user_password" parameters to
index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
4) Input passed via the "label" parameter to index.php (when "module"
is set to "Settings" and "action" is set to "GetFieldInfo") is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are confirmed in version 5.2.0. Other versions
may also be affected.
SOLUTION:
Update to version 5.2.1.
PROVIDED AND/OR DISCOVERED BY:
Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi
ORIGINAL ADVISORY:
vtiger CRM:
http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Giovanni Pellerano and Alessandro Tanasi:
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0265 | CVE-2010-3910 |
vtiger CRM of return_application_language Function vulnerable to directory traversal
Related entries in the VARIoT exploits database: VAR-E-201011-0943 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. vtiger CRM of return_application_language The function contains a directory traversal vulnerability.By a third party, phprint.php To lang_crm Parameters, or fraph.php To Accouonts Import In operation current_language In the parameter .. ( Half-width period 2 One ) Via file inclusion and arbitrary local files could be executed. vtiger CRM is prone to a file-upload vulnerability. vtiger CRM is an open source web-based customer relationship management system. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42246
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42246/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42246/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42246/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been discovered in vtiger CRM, which can be
exploited by malicious users to compromise a vulnerable system and by
malicious people to conduct cross-site scripting attacks and disclose
sensitive information.
1) An error exists in the file upload functionality due to the emails
module not properly checking file names and extensions. This can be
exploited to upload and execute arbitrary PHP code e.g. via ".phtml"
files.
2) Input passed e.g. via the "lang_crm" parameter to phprint.php or
the "current_language" parameter to graph.php is not properly
verified in the "return_application_language()" function in
include/utils/utils.php before being used to include files.
Successful exploitation of this vulnerability requires that
"magic_quotes_gpc" is disabled.
3) Input passed via the "user_name" and "user_password" parameters to
index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
4) Input passed via the "label" parameter to index.php (when "module"
is set to "Settings" and "action" is set to "GetFieldInfo") is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are confirmed in version 5.2.0. Other versions
may also be affected.
SOLUTION:
Update to version 5.2.1.
PROVIDED AND/OR DISCOVERED BY:
Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi
ORIGINAL ADVISORY:
vtiger CRM:
http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Giovanni Pellerano and Alessandro Tanasi:
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0266 | CVE-2010-3911 |
vtiger CRM Vulnerable to cross-site scripting
Related entries in the VARIoT exploits database: VAR-E-201011-0943 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. vtiger CRM is prone to a cross-site scripting vulnerability. vtiger CRM is an open source web-based customer relationship management system. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42246
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42246/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42246/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42246/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been discovered in vtiger CRM, which can be
exploited by malicious users to compromise a vulnerable system and by
malicious people to conduct cross-site scripting attacks and disclose
sensitive information.
1) An error exists in the file upload functionality due to the emails
module not properly checking file names and extensions. This can be
exploited to upload and execute arbitrary PHP code e.g. via ".phtml"
files.
2) Input passed e.g. via the "lang_crm" parameter to phprint.php or
the "current_language" parameter to graph.php is not properly
verified in the "return_application_language()" function in
include/utils/utils.php before being used to include files. This can
be exploited to include arbitrary file from local resources via
directory traversal sequences and URL-encoded NULL bytes.
Successful exploitation of this vulnerability requires that
"magic_quotes_gpc" is disabled.
3) Input passed via the "user_name" and "user_password" parameters to
index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
4) Input passed via the "label" parameter to index.php (when "module"
is set to "Settings" and "action" is set to "GetFieldInfo") is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are confirmed in version 5.2.0. Other versions
may also be affected.
SOLUTION:
Update to version 5.2.1.
PROVIDED AND/OR DISCOVERED BY:
Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi
ORIGINAL ADVISORY:
vtiger CRM:
http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Giovanni Pellerano and Alessandro Tanasi:
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0165 | CVE-2010-3804 | Apple Safari of WebKit Is in JavaScript User-trackable vulnerabilities in implementation |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. The problem is CVE-2008-5913 and CVE-2010-3171 And related issues.A third party can track users by predicting the seed value. WebKit is prone to a random-number-generator weakness.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to track user sessions and obtain personal information that can aid in further attacks.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0164 | CVE-2010-3803 | Apple Safari of WebKit Integer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0163 | CVE-2010-3809 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0162 | CVE-2010-3808 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. Transformation of unspecified variables. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0161 | CVE-2010-3805 | Apple Safari of WebKit In JavaScript Integer underflow vulnerability in implementation |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. The problem is CVE-2010-3254 May be duplicated.Arbitrary code execution or denial of service by a third party (DoS) May be in a state. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is an open source web browser engine currently used by browsers such as Safari and Chrome. Apple Safari is the default WEB browser bundled with the Apple family of operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0058 | CVE-2010-3817 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0057 | CVE-2010-3816 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Apple Safari of WebKit Is inadequate in the processing related to the scroll bar, so arbitrary code is executed or service operation is interrupted (DoS) There is a vulnerability that becomes a condition.Arbitrary code is executed or service operation is interrupted by a third party (DoS) There is a possibility of being put into a state. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0055 | CVE-2010-3820 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0054 | CVE-2010-3819 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0053 | CVE-2010-3818 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0048 | CVE-2010-3826 | Apple Safari of WebKit Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. There is an invalid conversion problem in WebKit's processing of colors in SVG documents. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0047 | CVE-2010-3824 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0046 | CVE-2010-3823 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. This vulnerability CVE-2010-3415 And may be duplicated.Arbitrary code is executed or service operation is interrupted by a third party (DoS) There is a possibility of being put into a state. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0045 | CVE-2010-3822 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0044 | CVE-2010-3821 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
| VAR-201011-0043 | CVE-2010-3813 | Apple Safari of WebKit In DNS Vulnerability that bypasses read-ahead settings |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. WebKit is prone to a security-bypass vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful exploits will allow clients to send requests to malicious servers that can aid in further attacks.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. A remote attacker could exploit this vulnerability to bypass preset access restrictions. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.
Join the beta:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42264/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
The updated packages have been upgraded to the latest version (1.2.7)
to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL
Yv/ButpYAcXsmnJWUG4ayxQ=
=GRM6
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Multiple packages, Multiple vulnerabilities fixed in 2011
Date: December 11, 2014
Bugs: #194151, #294253, #294256, #334087, #344059, #346897,
#350598, #352608, #354209, #355207, #356893, #358611,
#358785, #358789, #360891, #361397, #362185, #366697,
#366699, #369069, #370839, #372971, #376793, #381169,
#386321, #386361
ID: 201412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
This GLSA contains notification of vulnerabilities found in several
Gentoo packages which have been fixed prior to January 1, 2012. The
worst of these vulnerabilities could lead to local privilege escalation
and remote code execution. Please see the package list and CVE
identifiers below for more information.
Background
==========
For more information on the packages listed in this GLSA, please see
their homepage referenced in the ebuild.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable!
2 media-libs/fmod < 4.38.00 >= 4.38.00
3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0
4 sys-fs/lvm2 < 2.02.72 >= 2.02.72
5 app-office/gnucash < 2.4.4 >= 2.4.4
6 media-libs/xine-lib < 1.1.19 >= 1.1.19
7 media-sound/lastfmplayer
< 1.5.4.26862-r3 >= 1.5.4.26862-r3
8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7
9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3
10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1
11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1
12 sys-cluster/resource-agents
< 1.0.4-r1 >= 1.0.4-r1
13 net-misc/mrouted < 3.9.5 >= 3.9.5
14 net-misc/rsync < 3.0.8 >= 3.0.8
15 dev-libs/xmlsec < 1.2.17 >= 1.2.17
16 x11-apps/xrdb < 1.0.9 >= 1.0.9
17 net-misc/vino < 2.32.2 >= 2.32.2
18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1
19 app-admin/syslog-ng < 3.2.4 >= 3.2.4
20 net-analyzer/sflowtool < 3.20 >= 3.20
21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3
22 net-libs/libsoup < 2.34.3 >= 2.34.3
23 app-misc/ca-certificates
< 20110502-r1 >= 20110502-r1
24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1
25 dev-util/qt-creator < 2.1.0 >= 2.1.0
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
25 affected packages
Description
===========
Vulnerabilities have been discovered in the packages listed below.
Please review the CVE identifiers in the Reference section for details.
* FMOD Studio
* PEAR Mail
* LVM2
* GnuCash
* xine-lib
* Last.fm Scrobbler
* WebKitGTK+
* shadow tool suite
* PEAR
* unixODBC
* Resource Agents
* mrouted
* rsync
* XML Security Library
* xrdb
* Vino
* OProfile
* syslog-ng
* sFlow Toolkit
* GNOME Display Manager
* libsoup
* CA Certificates
* Gitolite
* QtCreator
* Racer
Impact
======
A context-dependent attacker may be able to gain escalated privileges,
execute arbitrary code, cause Denial of Service, obtain sensitive
information, or otherwise bypass security restrictions.
Workaround
==========
There are no known workarounds at this time.
Resolution
==========
All FMOD Studio users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00"
All PEAR Mail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0"
All LVM2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72"
All GnuCash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4"
All xine-lib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19"
All Last.fm Scrobbler users should upgrade to the latest version:
# emerge --sync
# emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3"
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7"
All shadow tool suite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3"
All PEAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1"
All unixODBC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1"
All Resource Agents users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1"
All mrouted users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5"
All rsync users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8"
All XML Security Library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17"
All xrdb users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9"
All Vino users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2"
All OProfile users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1"
All syslog-ng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4"
All sFlow Toolkit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20"
All GNOME Display Manager users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3"
All libsoup users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3"
All CA Certificates users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1"
All Gitolite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1"
All QtCreator users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0"
Gentoo has discontinued support for Racer. We recommend that users
unmerge Racer:
# emerge --unmerge "games-sports/racer-bin"
NOTE: This is a legacy GLSA. Updates for all affected architectures
have been available since 2012. It is likely that your system is
already no longer affected by these issues.
References
==========
[ 1 ] CVE-2007-4370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370
[ 2 ] CVE-2009-4023
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023
[ 3 ] CVE-2009-4111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111
[ 4 ] CVE-2010-0778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778
[ 5 ] CVE-2010-1780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780
[ 6 ] CVE-2010-1782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782
[ 7 ] CVE-2010-1783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783
[ 8 ] CVE-2010-1784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784
[ 9 ] CVE-2010-1785
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785
[ 10 ] CVE-2010-1786
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786
[ 11 ] CVE-2010-1787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787
[ 12 ] CVE-2010-1788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788
[ 13 ] CVE-2010-1790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790
[ 14 ] CVE-2010-1791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791
[ 15 ] CVE-2010-1792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792
[ 16 ] CVE-2010-1793
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793
[ 17 ] CVE-2010-1807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807
[ 18 ] CVE-2010-1812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812
[ 19 ] CVE-2010-1814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814
[ 20 ] CVE-2010-1815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815
[ 21 ] CVE-2010-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526
[ 22 ] CVE-2010-2901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901
[ 23 ] CVE-2010-3255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255
[ 24 ] CVE-2010-3257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257
[ 25 ] CVE-2010-3259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259
[ 26 ] CVE-2010-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362
[ 27 ] CVE-2010-3374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374
[ 28 ] CVE-2010-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389
[ 29 ] CVE-2010-3812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812
[ 30 ] CVE-2010-3813
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813
[ 31 ] CVE-2010-3999
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999
[ 32 ] CVE-2010-4042
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042
[ 33 ] CVE-2010-4197
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197
[ 34 ] CVE-2010-4198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198
[ 35 ] CVE-2010-4204
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204
[ 36 ] CVE-2010-4206
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206
[ 37 ] CVE-2010-4492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492
[ 38 ] CVE-2010-4493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493
[ 39 ] CVE-2010-4577
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577
[ 40 ] CVE-2010-4578
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578
[ 41 ] CVE-2011-0007
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007
[ 42 ] CVE-2011-0465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465
[ 43 ] CVE-2011-0482
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482
[ 44 ] CVE-2011-0721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721
[ 45 ] CVE-2011-0727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727
[ 46 ] CVE-2011-0904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904
[ 47 ] CVE-2011-0905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905
[ 48 ] CVE-2011-1072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072
[ 49 ] CVE-2011-1097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097
[ 50 ] CVE-2011-1144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144
[ 51 ] CVE-2011-1425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425
[ 52 ] CVE-2011-1572
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572
[ 53 ] CVE-2011-1760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760
[ 54 ] CVE-2011-1951
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951
[ 55 ] CVE-2011-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471
[ 56 ] CVE-2011-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472
[ 57 ] CVE-2011-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473
[ 58 ] CVE-2011-2524
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524
[ 59 ] CVE-2011-3365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365
[ 60 ] CVE-2011-3366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366
[ 61 ] CVE-2011-3367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-1195-1
August 23, 2011
webkit vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
libwebkit-1.0-2 1.2.7-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
libwebkit-1.0-2 1.2.7-0ubuntu0.10.04.1
After a standard system update you need to restart any applications that
use WebKit, such as Epiphany and Midori, to make all the necessary changes