VARIoT IoT vulnerabilities database

ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. A remote buffer overflow vulnerability affects the International Color Consortium (ICC) color profile processing functionality of Apple ColorSync. This issue is due to a failure of the application to properly validate user-supplied data prior to copying it into static process buffers. An attacker may leverage this issue to execute arbitrary code in the context of the ColorSync utility; it is currently unknown whether the ColorSync utility runs with superuser privileges, although it is likely

Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code. iSync's 'mRouter' binary is reportedly susceptible to a local command line argument buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into an insufficiently sized memory buffer. The 'mRouter' binary is installed by default with setuid superuser permissions. This vulnerability allows users with local interactive access to a computer with the affected application installed to gain superuser privileges. Apple Mac OS X is a dedicated operating system developed by Apple for Mac computers. A local user could exploit this vulnerability to execute arbitrary code

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable. An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code

Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory. An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Due to the availability of more information, this issue is being assigned a new BID. Apple has supported Bluetooth devices since Mac OSX 10.2

Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. The vulnerability presents itself when the application handles excessive string values supplied through the '-i' command line parameter. An attacker can gain superuser privileges by exploiting this issue. Due to the availability of more information, this issue is being assinged a new BID. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA15227 VERIFY ADVISORY: http://secunia.com/advisories/15227/ CRITICAL: Highly critical IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. 1) A boundary error in htdigest can be exploited to cause a buffer overflow by passing an overly long realm argument. NOTE: htdigest is by default only locally accessible and not setuid / setgid. 2) An integer overflow error in the AppKit component when processing TIFF files can be exploited by malicious people to compromise a user's system. For more information: SA13607 3) An error in the AppKit component when parsing certain TIFF images can result in an invalid call to the "NXSeek()" function, which will crash an affected Cocoa application. 4) An error within the handling of AppleScript can be exploited to display code to a user that is different than the code, which will actually run. 5) An error in the Bluetooth support may cause Bluetooth-enabled systems to share files via the Bluetooth file exchange service without notifying the user properly. 6) An input validation error can be exploited to access arbitrary files on a Bluetooth-enabled system using directory traversal attacks via the Bluetooth file and object exchange services. 7) The chfn, chpass, and chsh utilities invoke certain external helper programs insecurely, which can be exploited by malicious, local users to gain escalated privileges. 8) A vulnerability in Finder can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges due to insecure creation of ".DS_Store" files. For more information: SA14188 9) A boundary error within the Foundation framework when handling environment variables can be exploited to cause a buffer overflow and may allow execution of arbitrary code. 10) An error in Help Viewer can be exploited to run JavaScript without the normally imposed security restrictions. 11) A security issue in the LDAP functionality may under certain circumstances result in passwords initially being stored in plain text. 12) Errors within the parsing of XPM files can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA12549 13) An error in lukemftpd can be exploited by malicious users to bypass chroot restrictions. In order to restrict users to their home directory, both their full name and short name must be listed in the "/etc/ftpchroot" file. However, the problem is that users can change their full name and thereby bypass this restriction. 14) A boundary error in the Netinfo Setup Tool (NeST) when processing input passed to the "-target" command line parameter can be exploited by malicious, local users to cause a buffer overflow and execute arbitrary code with escalated privileges on a vulnerable system. 15) When enabling the HTTP proxy service in Server Admin, it is by default possible for everyone (including users on the Internet) to use the proxy service. 16) A vulnerability in sudo within the environment clearing can be exploited by malicious, local users to gain escalated privileges. For more information: SA13199 17) An error in the Terminal utility can be exploited to inject data via malicious input containing escape sequences in window titles. 18) An error in the Terminal utility can be exploited to inject commands into a user's Terminal session via malicious input containing escape characters in x-man-path URIs. SOLUTION: Apply Security Update 2005-005. Security Update 2005-005 (Client): http://www.apple.com/support/downloads/securityupdate2005005client.html Security Update 2005-005 (Server): http://www.apple.com/support/downloads/securityupdate2005005server.html PROVIDED AND/OR DISCOVERED BY: 1) JxT 3) Henrik Dalgaard 4) David Remahl 5) Kevin Finisterre, digitalmunition.com. 6) Kevin Finisterre, digitalmunition.com. 10) David Remahl 13) Rob Griffiths 14) Nico 17) David Remahl 18) David Remahl 19) Pieter de Boer ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=301528 David Remahl: http://remahl.se/david/vuln/004/ http://remahl.se/david/vuln/010/ http://remahl.se/david/vuln/011/ http://remahl.se/david/vuln/012/ digitalmunition.com: http://www.digitalmunition.com/DMA[2005-0502a].txt iDEFENSE: http://www.idefense.com/application/poi/display?id=239&type=vulnerabilities OTHER REFERENCES: SA12549: http://secunia.com/advisories/12549/ SA13199: http://secunia.com/advisories/13199/ SA13607: http://secunia.com/advisories/13607/ SA14188: http://secunia.com/advisories/14188/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This bug can be easily exploited to gain root access. This vulnerability has CVE ID CAN-2005-1343. Exploitation ------------ The overflow can only be exploited on a system having vpnd configured as a server. The following shows a NON-exploitable vpnd installation: host:/tmp root# vpnd -i bla 2005-05-04 15:12:54 CEST VPND: could not get servers dictionary 2005-05-04 15:12:54 CEST VPND: error processing prefs file This is due to the non-existance of /var/db/SystemConfiguration/com.apple.RemoteAccessServers.plist. Anyway, on an exploitable system you'd get: host:/tmp root# vpnd -i `perl -e 'print "A"x600'` 2005-05-04 15:16:41 CEST VPND: Server ID 'AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' invalid Segmentation fault The crashlog /Library/Logs/CrashReporter/vpnd.crash.log shows: OS Version: 10.3.7 (Build 7S215) Report Version: 2 Command: vpnd Path: /usr/sbin/vpnd Version: ??? (???) PID: 12690 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0x41414140 Thread 0 Crashed: PPC Thread State: srr0: 0x41414140 srr1: 0x4200f030 vrsave: 0x00000000 cr: 0x24000242 xer: 0x00000004 lr: 0x41414141 ctr: 0x900010a0 r0: 0x41414141 r1: 0xbffffbf0 r2: 0xa0192b50 r3: 0xffffffff r4: 0x00300950 r5: 0x00402004 r6: 0x00402004 r7: 0x00000001 r8: 0x0000000f r9: 0xa00011ac r10: 0x00000013 r11: 0x44000244 r12: 0x900010a0 r13: 0x00000000 r14: 0x00000000 r15: 0x00000000 r16: 0x00000000 r17: 0x00000000 r18: 0x00000000 r19: 0x00000000 r20: 0x00000000 r21: 0x00000000 r22: 0x00000000 r23: 0x00000000 r24: 0x00000000 r25: 0x00000000 r26: 0xbffffce4 r27: 0x00000014 r28: 0x41414141 r29: 0x41414141 r30: 0x41414141 r31: 0x41414141 Fix --- Apply Security Update 2005-005 (which fixes quite a few other bugs, too), remove the suid bit or remove the above mentioned config file

Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. The vulnerability presents itself when the application handles excessive string values through a command line parameter. An attacker can gain superuser privileges by exploiting this issue. Due to the availability of more information, this issue is being assinged a new BID. Netinfo Setup Tool (NeST) is a SUID tool

Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. Cisco IOS Implemented in ITS , CME ,and SRST Is SCCP Packets are not processed properly, so if these are enabled, illegal SCCP A vulnerability exists that causes the device to restart after interpreting the packet.System disrupts service operation (DoS) It may be in a state. IOS is prone to a denial-of-service vulnerability. The issue is reported to exist in the Skinny Call Control Protocol (SCCP) handler. A remote attacker may exploit this vulnerability continuously to effectively deny network-based services to legitimate users. Cisco IOS is the underlying operating system for Cisco networking equipment

Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header. Apple Mac OS X is prone to a local denial of service vulnerability. This issue is exposed when the Mac OS X kernel processes an executable file, causing temporary interruption of services on the computer. Reportedly a local integer overflow vulnerability affects the Darwin Kernel. This issue is due to a failure of the affected to properly handle integer signedness. An attacker may leverage this issue to cause the affected computer to crash, denying service to legitimate users. It has been speculated that this issue may also be leverage to escalate privileges, although this is unconfirmed

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters. The issue occurs in the searchfs() code. The vulnerability exists due to an error in calculating size arguments derived from user-controlled integer values, which are then used in a user-land to kernel memory copy operation. The issue may be leveraged to corrupt kernel memory and ultimately execute arbitrary code with ring-0 privileges. The issue may also be exploited to trigger a denial of service condition from a kernel panic

The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user. The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. These issues are due to a failure of the application to properly implement access controls on job schedule files. An attacker may leverage these issues to read and delete arbitrary files and execute applications on an affected computer with superuser privileges. Information revealed in this way may lead to further attacks. Mac OS X is a BSD-based operating system

NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. NetGear FVS318 is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to bypass URI filters and carry out cross-site scripting attacks. The following issues were identified: It is reported that an attacker can bypass URI filters of the device. The URI filter log viewer is reported prone to a cross-site scripting vulnerability. The research report specified that FVS318 devices with firmware 2.4 are vulnerable to these issues. FVS318 and FVS318v2 are shipped with firmware 2.4, however, it is possible that FVS318v3 and other firmware versions are affected as well. This BID will be updated when more information about affected packages is available. The Netgear FVS318 is a handy little router. A filter detection bypass vulnerability exists in Netgear FVS318 with firmware version 2.4. Remote attackers can use Hex-encoded URLs, such as HEX-encoded file extensions, to bypass detection

Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. NetGear FVS318 is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to bypass URI filters and carry out cross-site scripting attacks. The following issues were identified: It is reported that an attacker can bypass URI filters of the device. The URI filter log viewer is reported prone to a cross-site scripting vulnerability. The research report specified that FVS318 devices with firmware 2.4 are vulnerable to these issues. FVS318 and FVS318v2 are shipped with firmware 2.4, however, it is possible that FVS318v3 and other firmware versions are affected as well. This BID will be updated when more information about affected packages is available. Multiple Vulnerabilities in Netgear FVS318 Router ------------------------------------------------------------------------ SUMMARY The <http://www.netgear.com> Netgear FVS318 is "an easy to use, firewall/router designed for home users and small businesses". SecuriNews Research has found 2 vulnerabilities in the router, one allows bypassing the product's content filtering mechanism while the other allows injecting arbitrary HTML and/or JavaScript into the product's log files which can then be used to attack the administrator of the router. DETAILS Content Filtering Bypass: By using HEX encoded characters, it is possible to bypass the URL filter. For example, if the router administrator blocks the phrase ".exe"; a user can encode one or more characters in the URL phrase to bypass the filter. If we encode the 'x' in ".exe", the new phrase ".e%78e" will bypass the filter

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. Linux Kernel is reported prone to a local denial-of-service vulnerability. Reportedly, this issue presents itself when a user creates a large Virtual Memory Area (VMA) that overlaps with arg pages during the exec() system call. Successful exploitation will lead to a denial-of-service condition in a vulnerable computer. No further details are available at this time. This issue will be updated as more information becomes available. Linux Kernel is the kernel of the open source operating system Linux. ---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: Debian update for kernel-source-2.4.17 SECUNIA ADVISORY ID: SA20338 VERIFY ADVISORY: http://secunia.com/advisories/20338/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.0 http://secunia.com/product/143/ DESCRIPTION: Debian has issued an update for kernel-source-2.4.17. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information, cause a DoS (Denial of Service), gain escalated privileges, and by malicious people to cause a DoS, and disclose potentially sensitive information. -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.dsc Size/MD5 checksum: 713 6ff55b14d3ae957c55bbed7fabf4c047 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.tar.gz Size/MD5 checksum: 30437486 86601103169da686167972e5e560e3d4 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.dsc Size/MD5 checksum: 736 f97d95c6ecc26401f8f2fc2ead6cf421 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.tar.gz Size/MD5 checksum: 25419305 9bc354f889edd4964840475400b088b7 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.dsc Size/MD5 checksum: 800 d20db4ab99e311150734b70519cc31e9 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.tar.gz Size/MD5 checksum: 12283 f51a7e01941baca7010fb8c2f0f67fe3 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.dsc Size/MD5 checksum: 694 2d48f4cfa4917904b6c1f806ecc1bdb4 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.tar.gz Size/MD5 checksum: 491935 94638c0c03b6b163f46319e777d4aa71 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.dsc Size/MD5 checksum: 805 b48cbc9c2cd59eee3a52f54cfa5356e0 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.tar.gz Size/MD5 checksum: 1150966 6748462e7bce7c917e066e0594d42571 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.dsc Size/MD5 checksum: 664 f49e9cba55a8a4b098e5dc522f2a07fc http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.tar.gz Size/MD5 checksum: 344642 3a488cc38ffc619bfff4bfbb75eff4cd http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.dsc Size/MD5 checksum: 609 4e0f66c1811cfb9e926c21566e55b202 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.tar.gz Size/MD5 checksum: 29768549 bc1f8eab880a33bfe2ebeb3ef8b6557a Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.5_all.deb Size/MD5 checksum: 24455128 ed5362b12c6327295cd89027ff8e80ab http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.18_all.deb Size/MD5 checksum: 24735538 cf9ddb702811464ac2dd2231512053f9 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7_all.deb Size/MD5 checksum: 1151866 6f2575f26e7800e1e7a7cafdaf02b3a6 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4_all.deb Size/MD5 checksum: 300202 0f5db53cdab20024b4a3a75bd0799b1a http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody4_all.deb Size/MD5 checksum: 1708122 7d18878351662289ac0841e0ad8f10f4 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_all.deb Size/MD5 checksum: 23972270 a0bf4a2796a9b49c36579166e6a72d62 HP Precision architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.5_hppa.deb Size/MD5 checksum: 3523044 63c790a70164e579c8bb3b8a08ea69b5 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.5_hppa.deb Size/MD5 checksum: 2869994 e9e2be22d5fdf40f2e879570adc1132d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.5_hppa.deb Size/MD5 checksum: 3006192 cf53ac718c6ed26a59802e74c5926f00 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.5_hppa.deb Size/MD5 checksum: 3029436 d0e0fd747af9ff7a3633ee9cc6b1f1e6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.5_hppa.deb Size/MD5 checksum: 3170356 ca408698a580463da3a547b2f87006e4 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_hppa.deb Size/MD5 checksum: 16886 437018078d9d01e25702cf1a20c23414 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.18_ia64.deb Size/MD5 checksum: 3638280 b6cd4e0d4129b6f4d0734253818cd828 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.18_ia64.deb Size/MD5 checksum: 7026800 55e4cd610c06297c7132ce2aeb88d029 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.18_ia64.deb Size/MD5 checksum: 7172892 a66f94c18d8ee4354e9446655837c72a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.18_ia64.deb Size/MD5 checksum: 7014470 d99cc0f293c747a295230de934328007 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.18_ia64.deb Size/MD5 checksum: 7165570 997a9dbf17821067de6ceb65548e7c2b http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody4_ia64.deb Size/MD5 checksum: 21616 1eab80187061fbd304b6328533d7dc33 IBM S/390 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.5_s390.deb Size/MD5 checksum: 3379418 74817217abf90896eb63d6c6792839fe http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5_s390.deb Size/MD5 checksum: 1346190 39433c757763336b6c14bf0d00652596 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_s390.deb Size/MD5 checksum: 16404 9cfcf10a2a2ef99bbb009a650cddd227 PowerPC architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 3409712 698750e3998ee3792db43f445a8a8d96 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 2211146 103890e43508a5913a10ff8be80e9cdc http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 4602 31ef3f45675fc13836337dee97486e20 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 490842 799441a4e49b88f780353d7aff9f29d2 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_powerpc.deb Size/MD5 checksum: 16280 4e54c040bc83523d8122287bab6df7a5 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mips.deb Size/MD5 checksum: 3523520 45f001c255a3a66f22148d84d035abb1 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody7_mips.deb Size/MD5 checksum: 2045436 c840c6ff8c9e3ab455d38021d09a391d http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody7_mips.deb Size/MD5 checksum: 2045226 709ccbc6754644fa448c93058f0df504 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mips.deb Size/MD5 checksum: 16556 019623b1dbc75bff84d7f056435dc6db Little endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 3522422 2118440d1658730fd93f47867848573c http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 2200968 63bc732deee6df19b83f10a50485a476 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 2195278 697eb9b05f765c332eca175284eb24b8 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 17836 61df1f292dccb4e64cb956a629f729fc http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mipsel.deb Size/MD5 checksum: 16558 f8382b01aca2c535988b5ab5709dae90 Alpha architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_alpha.deb Size/MD5 checksum: 17180 7d1cf8fb24431c01f45fadf7becb6d2e ARM architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_arm.deb Size/MD5 checksum: 15878 fcf97ed103c205699fb5396c3a49e293 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_i386.deb Size/MD5 checksum: 15518 2e7d50090a469a84ef7f3ae8aa97b85f Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_m68k.deb Size/MD5 checksum: 15368 41a11620bf7ea34b15742ccf59ff6895 Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_sparc.deb Size/MD5 checksum: 18356 71b076d3eeff837bfb54a7f538b11b58 ORIGINAL ADVISORY: http://www.us.debian.org/security/2006/dsa-1082 OTHER REFERENCES: SA10533: http://secunia.com/advisories/10533/ SA11464: http://secunia.com/advisories/11464/ SA11861: http://secunia.com/advisories/11861/ SA11943: http://secunia.com/advisories/11943/ SA13232: http://secunia.com/advisories/13232/ SA13469: http://secunia.com/advisories/13469/ SA13126: http://secunia.com/advisories/13126/ SA13308: http://secunia.com/advisories/13308/ SA13627: http://secunia.com/advisories/13627/ SA13756: http://secunia.com/advisories/13756/ SA13493: http://secunia.com/advisories/13493/ SA13822: http://secunia.com/advisories/13822/ SA14295: http://secunia.com/advisories/14295/ SA14570: http://secunia.com/advisories/14570/ SA13784: http://secunia.com/advisories/13784/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. This issue is exposed when the application parses 'm3u' and 'pls' playlist files. As these files may originate from an external source, this issue is considered remotely exploitable. If the vulnerability is successfully exploited, it will result in execution of arbitrary code in the context of the user running the application. Apple iTunes is a media player program. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-01-11 iTunes 4.7.1 iTunes 4.7.1 is now available and delivers the following security enhancement: CVE-ID: CAN-2005-0043 Impact: Malicious playlists can cause iTunes to crash and could execute arbitrary code Description: iTunes supports several common playlist formats. Credit to Sean de Regge (seanderegge[at]hotmail.com) for discovering this issue, and to iDEFENSE Labs for reporting it to us. Available for: Mac OS X, Microsoft Windows XP, Microsoft Windows 2000 iTunes 4.7.1 may be obtained from the Software Update pane in System Preferences, or Apple's iTunes download site: http://www.apple.com/itunes/download/ The download file is named: "iTunes4.7.1.dmg" Its SHA-1 digest is: 2ae8c815f18756c24dfbc1ac7d837b75b828b92a Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQeQviJyw5owIz4TQAQIMrgf/fYmI5LZy5DM5a61kbXgnzq5OpQQPaidH disRa8UbjGrr+sSvEytQaxgO5vbDsZWgDGYeeaHTUeyiBdznO/b7X9moUC0uXEtC /a/CC2219AYeoQLJCMWhiIbrkL3OQ8QHoV3KaMlcg98tHgsrZKg1ssqEZszkjNrV Jj1dm3hYn2/DHPqzhGy2+l4Lp/8Bdg2VwXJjCLrqD6cgcSAX0HVdVq+CM2VQ1DGH O9PjkspNxoTR2iV0VbJdc+q/Mi1HXlouNaURgR01oBYGqZoQ2mxYGMLIthgVoyri E/c5iyPq4lwDnhyjii4fajLO/3BW6MY7RVoNWv2ipYjVi1RPQ6d6iQ== =SryY -----END PGP SIGNATURE----- -- David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner.". An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Mac OS X Server is prone to a local security vulnerability

Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. WS FTP Server is prone to a denial-of-service vulnerability. WS_FTP is an FTP server software. Multiple buffer overflow vulnerabilities exist in WS_FTP server 5.03 2004.10.14

Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets. CNS Network Registrar is prone to a denial-of-service vulnerability. Cisco CNS Registrar is a full-featured DNS/DHCP system

The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges. My Firewall Plus is prone to a local security vulnerability

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. Linux Kernel of (1) load_elf_library() function, (2) binfmt_aout() Functions include brk There is a flaw in the handling of the segment that causes a race condition.root You may get permission. Linux kernel is reported prone to a local privilege-escalation vulnerability. This issue arises in the 'uselib()' functions of the Linux binary-format loader as a result of a race condition. Successful exploitation of this vulnerability can allow a local attacker to gain elevated privileges on a vulnerable computer. The ELF and a.out loaders are reportedly affected by this vulnerability. The Linux kernel provides a binary format loader layer to load programs in different formats such as ELF or a.out or others, and the kernel also provides the sys_uselib() function to load corresponding binary programs. From the analysis of the uselib function of load_elf_library() in the binfmt_elf.c file, there is a problem in the processing of the BRK segment (VMA) of the library. This segment is established through current->mm->mmap_sem. When modifying the memory layout of the calling process\ '\' semaphore \'\' (semaphore) is not maintained, this can be used to mess with memory management and elevate privileges. Part of the source code fs/binfmt_elf.c is as follows: static int load_elf_library(struct file *file) { [904] down_write(¤t->mm->mmap_sem); error = do_mmap(file, ELF_PAGESTART(elf_phdata->p_vaddr), ( elf_phdata- > p_filesz + ELF_PAGEOFFSET(elf_phdata- > p_vaddr)), PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, (elf_phdata- > p_offset - ELF_PAGEOFFSET(elf_phdata- > p_vaddr))); >mmap_sem); if (error != ELF_PAGESTART(elf_phdata->p_vaddr)) goto out_free_ph;. ---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: Debian update for kernel-source-2.4.17 SECUNIA ADVISORY ID: SA20338 VERIFY ADVISORY: http://secunia.com/advisories/20338/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.0 http://secunia.com/product/143/ DESCRIPTION: Debian has issued an update for kernel-source-2.4.17. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information, cause a DoS (Denial of Service), gain escalated privileges, and by malicious people to cause a DoS, and disclose potentially sensitive information. For more information: SA10533 SA11464 SA11861 SA11943 SA13232 SA13469 SA13126 SA13308 SA13627 SA13756 SA13493 SA13822 SA14295 SA14570 SA13784 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.dsc Size/MD5 checksum: 713 6ff55b14d3ae957c55bbed7fabf4c047 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.tar.gz Size/MD5 checksum: 30437486 86601103169da686167972e5e560e3d4 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.dsc Size/MD5 checksum: 736 f97d95c6ecc26401f8f2fc2ead6cf421 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.tar.gz Size/MD5 checksum: 25419305 9bc354f889edd4964840475400b088b7 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.dsc Size/MD5 checksum: 800 d20db4ab99e311150734b70519cc31e9 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.tar.gz Size/MD5 checksum: 12283 f51a7e01941baca7010fb8c2f0f67fe3 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.dsc Size/MD5 checksum: 694 2d48f4cfa4917904b6c1f806ecc1bdb4 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.tar.gz Size/MD5 checksum: 491935 94638c0c03b6b163f46319e777d4aa71 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.dsc Size/MD5 checksum: 805 b48cbc9c2cd59eee3a52f54cfa5356e0 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.tar.gz Size/MD5 checksum: 1150966 6748462e7bce7c917e066e0594d42571 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.dsc Size/MD5 checksum: 664 f49e9cba55a8a4b098e5dc522f2a07fc http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.tar.gz Size/MD5 checksum: 344642 3a488cc38ffc619bfff4bfbb75eff4cd http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.dsc Size/MD5 checksum: 609 4e0f66c1811cfb9e926c21566e55b202 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.tar.gz Size/MD5 checksum: 29768549 bc1f8eab880a33bfe2ebeb3ef8b6557a Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.5_all.deb Size/MD5 checksum: 24455128 ed5362b12c6327295cd89027ff8e80ab http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.18_all.deb Size/MD5 checksum: 24735538 cf9ddb702811464ac2dd2231512053f9 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7_all.deb Size/MD5 checksum: 1151866 6f2575f26e7800e1e7a7cafdaf02b3a6 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4_all.deb Size/MD5 checksum: 300202 0f5db53cdab20024b4a3a75bd0799b1a http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody4_all.deb Size/MD5 checksum: 1708122 7d18878351662289ac0841e0ad8f10f4 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_all.deb Size/MD5 checksum: 23972270 a0bf4a2796a9b49c36579166e6a72d62 HP Precision architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.5_hppa.deb Size/MD5 checksum: 3523044 63c790a70164e579c8bb3b8a08ea69b5 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.5_hppa.deb Size/MD5 checksum: 2869994 e9e2be22d5fdf40f2e879570adc1132d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.5_hppa.deb Size/MD5 checksum: 3006192 cf53ac718c6ed26a59802e74c5926f00 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.5_hppa.deb Size/MD5 checksum: 3029436 d0e0fd747af9ff7a3633ee9cc6b1f1e6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.5_hppa.deb Size/MD5 checksum: 3170356 ca408698a580463da3a547b2f87006e4 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_hppa.deb Size/MD5 checksum: 16886 437018078d9d01e25702cf1a20c23414 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.18_ia64.deb Size/MD5 checksum: 3638280 b6cd4e0d4129b6f4d0734253818cd828 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.18_ia64.deb Size/MD5 checksum: 7026800 55e4cd610c06297c7132ce2aeb88d029 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.18_ia64.deb Size/MD5 checksum: 7172892 a66f94c18d8ee4354e9446655837c72a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.18_ia64.deb Size/MD5 checksum: 7014470 d99cc0f293c747a295230de934328007 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.18_ia64.deb Size/MD5 checksum: 7165570 997a9dbf17821067de6ceb65548e7c2b http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody4_ia64.deb Size/MD5 checksum: 21616 1eab80187061fbd304b6328533d7dc33 IBM S/390 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.5_s390.deb Size/MD5 checksum: 3379418 74817217abf90896eb63d6c6792839fe http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5_s390.deb Size/MD5 checksum: 1346190 39433c757763336b6c14bf0d00652596 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_s390.deb Size/MD5 checksum: 16404 9cfcf10a2a2ef99bbb009a650cddd227 PowerPC architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 3409712 698750e3998ee3792db43f445a8a8d96 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 2211146 103890e43508a5913a10ff8be80e9cdc http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 4602 31ef3f45675fc13836337dee97486e20 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6_powerpc.deb Size/MD5 checksum: 490842 799441a4e49b88f780353d7aff9f29d2 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_powerpc.deb Size/MD5 checksum: 16280 4e54c040bc83523d8122287bab6df7a5 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mips.deb Size/MD5 checksum: 3523520 45f001c255a3a66f22148d84d035abb1 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody7_mips.deb Size/MD5 checksum: 2045436 c840c6ff8c9e3ab455d38021d09a391d http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody7_mips.deb Size/MD5 checksum: 2045226 709ccbc6754644fa448c93058f0df504 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mips.deb Size/MD5 checksum: 16556 019623b1dbc75bff84d7f056435dc6db Little endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 3522422 2118440d1658730fd93f47867848573c http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 2200968 63bc732deee6df19b83f10a50485a476 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 2195278 697eb9b05f765c332eca175284eb24b8 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody7_mipsel.deb Size/MD5 checksum: 17836 61df1f292dccb4e64cb956a629f729fc http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mipsel.deb Size/MD5 checksum: 16558 f8382b01aca2c535988b5ab5709dae90 Alpha architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_alpha.deb Size/MD5 checksum: 17180 7d1cf8fb24431c01f45fadf7becb6d2e ARM architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_arm.deb Size/MD5 checksum: 15878 fcf97ed103c205699fb5396c3a49e293 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_i386.deb Size/MD5 checksum: 15518 2e7d50090a469a84ef7f3ae8aa97b85f Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_m68k.deb Size/MD5 checksum: 15368 41a11620bf7ea34b15742ccf59ff6895 Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_sparc.deb Size/MD5 checksum: 18356 71b076d3eeff837bfb54a7f538b11b58 ORIGINAL ADVISORY: http://www.us.debian.org/security/2006/dsa-1082 OTHER REFERENCES: SA10533: http://secunia.com/advisories/10533/ SA11464: http://secunia.com/advisories/11464/ SA11861: http://secunia.com/advisories/11861/ SA11943: http://secunia.com/advisories/11943/ SA13232: http://secunia.com/advisories/13232/ SA13469: http://secunia.com/advisories/13469/ SA13126: http://secunia.com/advisories/13126/ SA13308: http://secunia.com/advisories/13308/ SA13627: http://secunia.com/advisories/13627/ SA13756: http://secunia.com/advisories/13756/ SA13493: http://secunia.com/advisories/13493/ SA13822: http://secunia.com/advisories/13822/ SA14295: http://secunia.com/advisories/14295/ SA14570: http://secunia.com/advisories/14570/ SA13784: http://secunia.com/advisories/13784/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. This issue could allow a remote attacker to cause the base station to stop processing traffic. This can be exploited to cause a vulnerable device to stop responding by sending certain data via UDP on port 161. SOLUTION: Apply updated firmwares. -- Airport Express -- Update to firmware version 6.1.1. Mac OS X: http://www.apple.com/support/downloads/airportexpressfirmware611formacosx.html Windows: http://www.apple.com/support/downloads/airportexpressfirmware611forwindows.html -- Airport Extreme -- Update to firmware version 5.5.1. Mac OS X: http://www.apple.com/support/downloads/airportextremefirmware551formacosx.html Windows: http://www.apple.com/support/downloads/airportextremefirmware551forwindows.html PROVIDED AND/OR DISCOVERED BY: Dylan Griffiths ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------