VARIoT IoT vulnerabilities database

Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. Attackers can exploit this issue to execute arbitrary code with the privileges of the vulnerable application; failed attacks will result in denial-of-service conditions. This issue affects Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2010-004. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. The following individual records exist to better document the issues: 40886 Apple Mac OS X Help Viewer 'help://' URI Cross Site Scripting Vulnerability 40887 Apple Mac OS X Folder Manager Symbolic Link Handling Security Bypass Vulnerability 40888 Apple Mac OS X Prior to 10.6.4 Printer Setup (CVE-2010-1379) Remote Denial Of Service Vulnerability 40889 Apple Mac OS X CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability 40892 Apple Mac OS X Wiki Server Comment HTML Injection Vulnerability 40893 Apple Mac OS X Samba Wide Links Symbolic Link Handling Security Bypass Vulnerability 40894 Apple Mac OS X Prior to 10.6.4 ImageIO (CVE-2010-0543) Remote Code Execution Vulnerability 40895 Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability 40896 Apple Mac OS X iChat Inline Image Transfer Directory Traversal Vulnerability 40897 Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability 40898 Apple Mac OS X DesktopServices Component Insecure File Permissions Vulnerability 40901 Apple Mac OS X Network Authorization Local Privilege Escalation Vulnerability 40902 Apple Mac OS X Network Authorization URI Handler Remote Format String Vulnerability 40903 Apple Mac OS X Prior to 10.6.4 Printing (CVE-2010-1380) Integer Overflow Vulnerability 40905 Apple Mac OS X Prior to 10.6.4 Open Directory (CVE-2010-1377) Security Bypass Vulnerability

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. This vulnerability CVE-2010-0926 And may be duplicated.An arbitrary file may be accessed by a remotely authenticated user via a symbolic link. Attackers require access to a mounted SMB share to exploit this issue. An attacker can exploit this issue to bypass certain security restrictions to access arbitrary files. This may aid in further attacks. This issue affects Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.6 through 10.6.3, and Mac OS X Server 10.6 through 10.6.3. NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired

Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2010-004. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. The following individual records exist to better document the issues: 40886 Apple Mac OS X Help Viewer 'help://' URI Cross Site Scripting Vulnerability 40887 Apple Mac OS X Folder Manager Symbolic Link Handling Security Bypass Vulnerability 40888 Apple Mac OS X Prior to 10.6.4 Printer Setup (CVE-2010-1379) Remote Denial Of Service Vulnerability 40889 Apple Mac OS X CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability 40892 Apple Mac OS X Wiki Server Comment HTML Injection Vulnerability 40893 Apple Mac OS X Samba Wide Links Symbolic Link Handling Security Bypass Vulnerability 40894 Apple Mac OS X Prior to 10.6.4 ImageIO (CVE-2010-0543) Remote Code Execution Vulnerability 40895 Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability 40896 Apple Mac OS X iChat Inline Image Transfer Directory Traversal Vulnerability 40897 Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability 40898 Apple Mac OS X DesktopServices Component Insecure File Permissions Vulnerability 40901 Apple Mac OS X Network Authorization Local Privilege Escalation Vulnerability 40902 Apple Mac OS X Network Authorization URI Handler Remote Format String Vulnerability 40903 Apple Mac OS X Prior to 10.6.4 Printing (CVE-2010-1380) Integer Overflow Vulnerability 40905 Apple Mac OS X Prior to 10.6.4 Open Directory (CVE-2010-1377) Security Bypass Vulnerability. An attacker can exploit this issue to bypass certain security restrictions. Arbitrary folders can be deleted; this may aid in further attacks. This issue affects Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.6 through 10.6.3, and Mac OS X Server 10.6 through 10.6.3

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2010-004. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. The following individual records exist to better document the issues: 40886 Apple Mac OS X Help Viewer 'help://' URI Cross Site Scripting Vulnerability 40887 Apple Mac OS X Folder Manager Symbolic Link Handling Security Bypass Vulnerability 40888 Apple Mac OS X Prior to 10.6.4 Printer Setup (CVE-2010-1379) Remote Denial Of Service Vulnerability 40889 Apple Mac OS X CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability 40892 Apple Mac OS X Wiki Server Comment HTML Injection Vulnerability 40893 Apple Mac OS X Samba Wide Links Symbolic Link Handling Security Bypass Vulnerability 40894 Apple Mac OS X Prior to 10.6.4 ImageIO (CVE-2010-0543) Remote Code Execution Vulnerability 40895 Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability 40896 Apple Mac OS X iChat Inline Image Transfer Directory Traversal Vulnerability 40897 Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability 40898 Apple Mac OS X DesktopServices Component Insecure File Permissions Vulnerability 40901 Apple Mac OS X Network Authorization Local Privilege Escalation Vulnerability 40902 Apple Mac OS X Network Authorization URI Handler Remote Format String Vulnerability 40903 Apple Mac OS X Prior to 10.6.4 Printing (CVE-2010-1380) Integer Overflow Vulnerability 40905 Apple Mac OS X Prior to 10.6.4 Open Directory (CVE-2010-1377) Security Bypass Vulnerability. This issue can leave legitimate users with a false sense of security, and could allow a local attacker to access files they were not intended to. Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.6 through 10.6.3, and Mac OS X Server 10.6 through 10.6.3 are vulnerable

ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. Attackers can exploit this issue to execute arbitrary code; failed attacks will result in a denial-of-service condition. This issue affects Mac OS X 10.5.8 and Mac OS X Server 10.5.8. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2010-004. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. The following individual records exist to better document the issues: 40886 Apple Mac OS X Help Viewer 'help://' URI Cross Site Scripting Vulnerability 40887 Apple Mac OS X Folder Manager Symbolic Link Handling Security Bypass Vulnerability 40888 Apple Mac OS X Prior to 10.6.4 Printer Setup (CVE-2010-1379) Remote Denial Of Service Vulnerability 40889 Apple Mac OS X CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability 40892 Apple Mac OS X Wiki Server Comment HTML Injection Vulnerability 40893 Apple Mac OS X Samba Wide Links Symbolic Link Handling Security Bypass Vulnerability 40894 Apple Mac OS X Prior to 10.6.4 ImageIO (CVE-2010-0543) Remote Code Execution Vulnerability 40895 Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability 40896 Apple Mac OS X iChat Inline Image Transfer Directory Traversal Vulnerability 40897 Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability 40898 Apple Mac OS X DesktopServices Component Insecure File Permissions Vulnerability 40901 Apple Mac OS X Network Authorization Local Privilege Escalation Vulnerability 40902 Apple Mac OS X Network Authorization URI Handler Remote Format String Vulnerability 40903 Apple Mac OS X Prior to 10.6.4 Printing (CVE-2010-1380) Integer Overflow Vulnerability 40905 Apple Mac OS X Prior to 10.6.4 Open Directory (CVE-2010-1377) Security Bypass Vulnerability

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. Ruby WEBrick is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X. The safe-level feature in Ruby allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname (CVE-2011-1005). (CVE-2011-0188). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1004 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0188 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: c066384f71562d23b04e4f37e06cd167 2009.0/i586/ruby-1.8.7-7p72.4mdv2009.0.i586.rpm 663d190c3a9040a5e1f63d3c3ff48ba1 2009.0/i586/ruby-devel-1.8.7-7p72.4mdv2009.0.i586.rpm beb5b53b8d66028329b8e1884aa18c90 2009.0/i586/ruby-doc-1.8.7-7p72.4mdv2009.0.i586.rpm 38bea5030db5e2d25f6348ef15150486 2009.0/i586/ruby-tk-1.8.7-7p72.4mdv2009.0.i586.rpm fbe12ae1b2026227568007c26c3bc0c4 2009.0/SRPMS/ruby-1.8.7-7p72.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 68a7d27517f1848f660418aa584eb3da 2009.0/x86_64/ruby-1.8.7-7p72.4mdv2009.0.x86_64.rpm 19749daa6bf45dc43daa4561f107134c 2009.0/x86_64/ruby-devel-1.8.7-7p72.4mdv2009.0.x86_64.rpm 68fb72ae12ba5ceadcc22434e13b4db1 2009.0/x86_64/ruby-doc-1.8.7-7p72.4mdv2009.0.x86_64.rpm 9f0f091ffb3f1fc1418f765b974d93da 2009.0/x86_64/ruby-tk-1.8.7-7p72.4mdv2009.0.x86_64.rpm fbe12ae1b2026227568007c26c3bc0c4 2009.0/SRPMS/ruby-1.8.7-7p72.4mdv2009.0.src.rpm Mandriva Linux 2010.1: ddeaf58e58815fe6cc74655d622543af 2010.1/i586/ruby-1.8.7.p249-4.1mdv2010.2.i586.rpm 6f18aaa77d93fcddbb98e12e5e829b2b 2010.1/i586/ruby-devel-1.8.7.p249-4.1mdv2010.2.i586.rpm 5f23410b06cb0c11483ad0944511521c 2010.1/i586/ruby-doc-1.8.7.p249-4.1mdv2010.2.i586.rpm 8cfeb511b56f105eb9c4f76be8255e65 2010.1/i586/ruby-tk-1.8.7.p249-4.1mdv2010.2.i586.rpm 26ba24fef0f0c25c1906479c4711e095 2010.1/SRPMS/ruby-1.8.7.p249-4.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 9ce41813fa1b4c75c2427fd605127e0b 2010.1/x86_64/ruby-1.8.7.p249-4.1mdv2010.2.x86_64.rpm c20daba0703471c7a6131410ecad9ad6 2010.1/x86_64/ruby-devel-1.8.7.p249-4.1mdv2010.2.x86_64.rpm 1d87d641bb55721b342a8c1d94483146 2010.1/x86_64/ruby-doc-1.8.7.p249-4.1mdv2010.2.x86_64.rpm 307294ebb3e8fd4b4c56553c69f5c4d2 2010.1/x86_64/ruby-tk-1.8.7.p249-4.1mdv2010.2.x86_64.rpm 26ba24fef0f0c25c1906479c4711e095 2010.1/SRPMS/ruby-1.8.7.p249-4.1mdv2010.2.src.rpm Mandriva Enterprise Server 5: d07c49b37323079332997e866458ae9d mes5/i586/ruby-1.8.7-7p72.4mdvmes5.2.i586.rpm 5f7223ff9adf5efabaea360e5b18aadf mes5/i586/ruby-devel-1.8.7-7p72.4mdvmes5.2.i586.rpm 43901d6c806fa7233a6f5523e8f50390 mes5/i586/ruby-doc-1.8.7-7p72.4mdvmes5.2.i586.rpm 350d1f6430aecfc3f2273faa2ccbb780 mes5/i586/ruby-tk-1.8.7-7p72.4mdvmes5.2.i586.rpm 45603b65b4f80c8e1858bbc84daf4494 mes5/SRPMS/ruby-1.8.7-7p72.4mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: c6c7bd10892509e91ce007670cfaa22f mes5/x86_64/ruby-1.8.7-7p72.4mdvmes5.2.x86_64.rpm 3bb3451b8ed9ab86b10ef43a090d362e mes5/x86_64/ruby-devel-1.8.7-7p72.4mdvmes5.2.x86_64.rpm dff5787e4172ea0941033b596293c08f mes5/x86_64/ruby-doc-1.8.7-7p72.4mdvmes5.2.x86_64.rpm 2c8951924ef6f80d1ca887f82f8deb47 mes5/x86_64/ruby-tk-1.8.7-7p72.4mdvmes5.2.x86_64.rpm 45603b65b4f80c8e1858bbc84daf4494 mes5/SRPMS/ruby-1.8.7-7p72.4mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFN2jqhmqjQ0CJFipgRAlnKAKDcf6I3beHFSSrX86ob/PzT+NwtxgCeNgsq uMw3t7u8fkmaD51bIO3CaIw= =yXr+ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby security update Advisory ID: RHSA-2011:0909-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0909.html Issue date: 2011-06-28 CVE Names: CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 ===================================================================== 1. Summary: Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. (CVE-2011-1004) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 554485 - CVE-2009-4492 ruby WEBrick log escape sequence 587731 - CVE-2010-0541 Ruby WEBrick javascript injection flaw 678913 - CVE-2011-1004 Ruby: Symlink race condition by removing directory trees in fileutils module 678920 - CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings 682332 - CVE-2011-0188 ruby: memory corruption in BigDecimal on 64bit platforms 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-19.el5_6.1.src.rpm i386: ruby-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-docs-1.8.5-19.el5_6.1.i386.rpm ruby-irb-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-rdoc-1.8.5-19.el5_6.1.i386.rpm ruby-ri-1.8.5-19.el5_6.1.i386.rpm ruby-tcltk-1.8.5-19.el5_6.1.i386.rpm x86_64: ruby-1.8.5-19.el5_6.1.x86_64.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.x86_64.rpm ruby-docs-1.8.5-19.el5_6.1.x86_64.rpm ruby-irb-1.8.5-19.el5_6.1.x86_64.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.x86_64.rpm ruby-rdoc-1.8.5-19.el5_6.1.x86_64.rpm ruby-ri-1.8.5-19.el5_6.1.x86_64.rpm ruby-tcltk-1.8.5-19.el5_6.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-19.el5_6.1.src.rpm i386: ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-mode-1.8.5-19.el5_6.1.i386.rpm x86_64: ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.x86_64.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.x86_64.rpm ruby-mode-1.8.5-19.el5_6.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-19.el5_6.1.src.rpm i386: ruby-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-docs-1.8.5-19.el5_6.1.i386.rpm ruby-irb-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-mode-1.8.5-19.el5_6.1.i386.rpm ruby-rdoc-1.8.5-19.el5_6.1.i386.rpm ruby-ri-1.8.5-19.el5_6.1.i386.rpm ruby-tcltk-1.8.5-19.el5_6.1.i386.rpm ia64: ruby-1.8.5-19.el5_6.1.ia64.rpm ruby-debuginfo-1.8.5-19.el5_6.1.ia64.rpm ruby-devel-1.8.5-19.el5_6.1.ia64.rpm ruby-docs-1.8.5-19.el5_6.1.ia64.rpm ruby-irb-1.8.5-19.el5_6.1.ia64.rpm ruby-libs-1.8.5-19.el5_6.1.ia64.rpm ruby-mode-1.8.5-19.el5_6.1.ia64.rpm ruby-rdoc-1.8.5-19.el5_6.1.ia64.rpm ruby-ri-1.8.5-19.el5_6.1.ia64.rpm ruby-tcltk-1.8.5-19.el5_6.1.ia64.rpm ppc: ruby-1.8.5-19.el5_6.1.ppc.rpm ruby-debuginfo-1.8.5-19.el5_6.1.ppc.rpm ruby-debuginfo-1.8.5-19.el5_6.1.ppc64.rpm ruby-devel-1.8.5-19.el5_6.1.ppc.rpm ruby-devel-1.8.5-19.el5_6.1.ppc64.rpm ruby-docs-1.8.5-19.el5_6.1.ppc.rpm ruby-irb-1.8.5-19.el5_6.1.ppc.rpm ruby-libs-1.8.5-19.el5_6.1.ppc.rpm ruby-libs-1.8.5-19.el5_6.1.ppc64.rpm ruby-mode-1.8.5-19.el5_6.1.ppc.rpm ruby-rdoc-1.8.5-19.el5_6.1.ppc.rpm ruby-ri-1.8.5-19.el5_6.1.ppc.rpm ruby-tcltk-1.8.5-19.el5_6.1.ppc.rpm s390x: ruby-1.8.5-19.el5_6.1.s390x.rpm ruby-debuginfo-1.8.5-19.el5_6.1.s390.rpm ruby-debuginfo-1.8.5-19.el5_6.1.s390x.rpm ruby-devel-1.8.5-19.el5_6.1.s390.rpm ruby-devel-1.8.5-19.el5_6.1.s390x.rpm ruby-docs-1.8.5-19.el5_6.1.s390x.rpm ruby-irb-1.8.5-19.el5_6.1.s390x.rpm ruby-libs-1.8.5-19.el5_6.1.s390.rpm ruby-libs-1.8.5-19.el5_6.1.s390x.rpm ruby-mode-1.8.5-19.el5_6.1.s390x.rpm ruby-rdoc-1.8.5-19.el5_6.1.s390x.rpm ruby-ri-1.8.5-19.el5_6.1.s390x.rpm ruby-tcltk-1.8.5-19.el5_6.1.s390x.rpm x86_64: ruby-1.8.5-19.el5_6.1.x86_64.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.x86_64.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.x86_64.rpm ruby-docs-1.8.5-19.el5_6.1.x86_64.rpm ruby-irb-1.8.5-19.el5_6.1.x86_64.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.x86_64.rpm ruby-mode-1.8.5-19.el5_6.1.x86_64.rpm ruby-rdoc-1.8.5-19.el5_6.1.x86_64.rpm ruby-ri-1.8.5-19.el5_6.1.x86_64.rpm ruby-tcltk-1.8.5-19.el5_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-4492.html https://www.redhat.com/security/data/cve/CVE-2010-0541.html https://www.redhat.com/security/data/cve/CVE-2011-0188.html https://www.redhat.com/security/data/cve/CVE-2011-1004.html https://www.redhat.com/security/data/cve/CVE-2011-1005.html https://access.redhat.com/security/updates/classification/#moderate http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/ http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/ http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/ http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOChE2XlSAg2UNWIIRApbvAJ9jyCr3ab4eoWGmH/Lr1D9fbqlPbQCfSmOh k7GfQmHQju444Nztk6ar944= =VbL1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Ruby WEBrick UTF-7 Error Message Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41003 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41003/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41003 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/41003/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41003/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41003 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ruby WEBrick, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to an error in the Ruby WEBrick HTTP server, which can be leveraged to generate error pages interpreted as having an UTF-7 character set. This is related to vulnerability #20 in: SA40220 The vulnerability is reported in Ruby version 1.8.6-p399 and prior, Ruby 1.8.7-p299 and prior, and Ruby 1.9.1-p429 and prior. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Apple. ORIGINAL ADVISORY: http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Content-Disposition: inline ============================================================================ Ubuntu Security Notice USN-1377-1 February 28, 2012 ruby1.8 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in ruby1.8. (CVE-2010-0541) Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. (CVE-2011-0188) Nicholas Jefferson discovered that the FileUtils.remove_entry_secure method in Ruby did not properly remove non-empty directories. (CVE-2011-1004) It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. (CVE-2011-1005) Eric Wong discovered that Ruby does not properly reseed its pseudorandom number generator when creating child processes. An attacker could use this flaw to gain knowledge of the random numbers used in other Ruby child processes. (CVE-2011-2686) Eric Wong discovered that the SecureRandom module in Ruby did not properly seed its pseudorandom number generator. An attacker could use this flaw to gain knowledge of the random numbers used by another Ruby process with the same process ID number. (CVE-2011-2705) Alexander Klink and Julian W=E4lde discovered that Ruby computed hash values without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by crafting values used in hash tables. (CVE-2011-4815) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libruby1.8 1.8.7.352-2ubuntu0.1 ruby1.8 1.8.7.352-2ubuntu0.1 Ubuntu 11.04: libruby1.8 1.8.7.302-2ubuntu0.1 ruby1.8 1.8.7.302-2ubuntu0.1 Ubuntu 10.10: libruby1.8 1.8.7.299-2ubuntu0.1 ruby1.8 1.8.7.299-2ubuntu0.1 Ubuntu 10.04 LTS: libruby1.8 1.8.7.249-2ubuntu0.1 ruby1.8 1.8.7.249-2ubuntu0.1 In general, a standard system update will make all the necessary changes

Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request. Successful exploits may allow an attacker to crash the affected application, resulting in a denial-of-service condition. Impact PDF Reader 2.0 and 1.2 are vulnerable; other versions may also be affected. iPhone is a smartphone released by Apple

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: McAfee UTM Firewall "page" Cross-Site-Scripting Vulnerability SECUNIA ADVISORY ID: SA40089 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40089/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40089 RELEASE DATE: 2010-06-11 DISCUSS ADVISORY: http://secunia.com/advisories/40089/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40089/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40089 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Adam Baldwin has reported a vulnerability in McAfee Unified Threat Management (UTM) Firewall, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "page" parameter to cgi-bin/cgix/help is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 3.0.0 through 4.0.6 SOLUTION: Upgrade to McAfee UTM Firewall firmware version 4.0.7. PROVIDED AND/OR DISCOVERED BY: Adam Baldwin, nGenuity Information Security ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10010 nGenuity Information Security: http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected

Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method. Sygate Personal Firewall ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. Sygate Personal Firewall 5.6 build 2808 is vulnerable; other versions may also be affected

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. LibTIFF is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application. LibTIFF versions prior to 3.9.3 are vulnerable. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X. For the stable distribution (lenny), this problem has been fixed in version 3.8.2-11.3. For the unstable distribution (sid), this problem has been fixed in version 3.9.4-1. We recommend that you upgrade your tiff packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz Size/MD5 checksum: 1376361 bfbc775f3ea2d698f6c4e57a66a6bc62 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc Size/MD5 checksum: 965 289fde796cd4d75c185fd380e4ef2611 Architecture independent packages: http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb Size/MD5 checksum: 368936 4fa6c87469e6d2a4ab8b9b609e1cd2b0 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb Size/MD5 checksum: 184038 718aa158afb8b08924079e4c8990f303 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb Size/MD5 checksum: 339202 b4d67d4e554d4e681e54a9951bc6ab88 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb Size/MD5 checksum: 49078 2c6b9d3ee81d1f1ea306d395b51c1731 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb Size/MD5 checksum: 55100 ef3532a300357164438524ca256853fb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb Size/MD5 checksum: 253438 6e72c7d573238d09bdc43a20472b2b29 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb Size/MD5 checksum: 230540 93a89276bd4fe5be5a9d50b040002a70 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb Size/MD5 checksum: 169962 037d13ec48515773798dfc51af404eef http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb Size/MD5 checksum: 54210 d4e1911e9e5f07980e0d71bde8bfc732 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb Size/MD5 checksum: 48846 334988c78cfc87a6a3f9f9a18254f450 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb Size/MD5 checksum: 293176 4aa38a5f29db663094e6af1039b5a32b armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb Size/MD5 checksum: 162044 2b4e8648f64119e0ab8e8ab6246270a9 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb Size/MD5 checksum: 234150 7481d9317f18ce662f3b8997ce924df8 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb Size/MD5 checksum: 55996 26fbcbaccac9a1ee56b681699ff035e3 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb Size/MD5 checksum: 48532 30d10222b5e240af5823a2a1cf1b1e26 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb Size/MD5 checksum: 278612 97026ca2288156a7c08057afedede29e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb Size/MD5 checksum: 309128 bf85956e72869e294f893c3f27b6ad37 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb Size/MD5 checksum: 176834 e0f39c8995ba2d40ae444257bf9b5943 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb Size/MD5 checksum: 49746 04935c2e72b8696ccfcd1c303fb83327 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb Size/MD5 checksum: 54552 d4af13d4eb9022e20ce2312d951ba34b http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb Size/MD5 checksum: 241610 97b8a14e8b2cc24197e2b82d01f51775 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb Size/MD5 checksum: 275666 b8fb9e1f47d1e29ba82e9ab9c2c5695e http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb Size/MD5 checksum: 48830 734c77873fd7f566e2473470b1db31aa http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb Size/MD5 checksum: 161636 665df63c672569d63281727a7ac499b0 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb Size/MD5 checksum: 53632 5d75e0f199918c8c250b0a48d4b2fd4f http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb Size/MD5 checksum: 219164 b3b8468f9a518093440b74fc573a6ee1 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb Size/MD5 checksum: 368628 57e577e4e2a590f89b96204598e14d04 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_ia64.deb Size/MD5 checksum: 56790 4072f1d33f13b2bd419cdd984947a4ce http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_ia64.deb Size/MD5 checksum: 50600 fd59fabeaae51f1b5cf6a675abd2733e http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_ia64.deb Size/MD5 checksum: 230320 54f9d6a2004efac771cdf2856c238032 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_ia64.deb Size/MD5 checksum: 294884 e6b5df4ea911fc1cc788b8ec7302180a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mips.deb Size/MD5 checksum: 228404 3980fe301b7f21ef4a651d970791deb4 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mips.deb Size/MD5 checksum: 54648 c1e21d56c6c3caca4fa5cd3088e0131e http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mips.deb Size/MD5 checksum: 164076 5d3ebd670bb207890c8b01446d9b5286 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mips.deb Size/MD5 checksum: 49246 6b55de1c9cc0588311d490393588fef8 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mips.deb Size/MD5 checksum: 308736 ff1fd350e5516cd2b01fdf63e7038571 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 54422 561140c51e40c2c87d7c38e47ec1ce0f http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 49108 0eed63837509815d380a8ede4617a2c0 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 307868 f0b97d0b90054a568241766cd5e8ac0e http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 164694 69ae3b75909d3fbcf4a748a3f17c4a2e http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 228910 75d5940ed31a0a78f7a5a07cca1c90b9 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 299072 cf872d693b7d6d04caab6395c807a49d http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 51290 4b3b6043a320e3b0efede959db2c993f http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 173516 7fb5e356c35b8161dea064a927f8f524 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 270346 ff150ce3bea37067983a7ea8bdc8ce4f http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 57156 d57b33ff85a8c4775c519bf6868e5dda s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_s390.deb Size/MD5 checksum: 49846 f0d66694ef6247958c18b753690d6cf6 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_s390.deb Size/MD5 checksum: 293844 3f30774b20aada6f011ffeaaf0913ce9 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_s390.deb Size/MD5 checksum: 177474 884dc57fdc438a4a735e123911bcb8dd http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_s390.deb Size/MD5 checksum: 231424 620b24d7eafbb4851b1fd43c96a4445c http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_s390.deb Size/MD5 checksum: 55402 35f4548f8da35b1e25de3bc650fe65c4 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_sparc.deb Size/MD5 checksum: 280198 63347485f32c91c6b449ec33041cf343 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_sparc.deb Size/MD5 checksum: 55224 e64c5173ddd48b8a80f37a8a92a4b8ef http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_sparc.deb Size/MD5 checksum: 160138 a01d761068e08a849cf0aba5f8bf8115 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_sparc.deb Size/MD5 checksum: 49380 07dfbcef878e3d014e55bf7c070f722b http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_sparc.deb Size/MD5 checksum: 224292 c31548079cc7b5aec519f66411cd0eeb These files will probably be moved into the stable distribution on its next update. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: September 23, 2012 Bugs: #307001, #324885, #357271, #359871, #371308, #410931, #422673, #427166 ID: 201209-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. Background ========== libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/tiff < 4.0.2-r1 *>= 3.9.5-r2 >= 4.0.2-r1 Description =========== Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libTIFF 4.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.2-r1" All libTIFF 3.9 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.5-r2" References ========== [ 1 ] CVE-2009-2347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2347 [ 2 ] CVE-2009-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5022 [ 3 ] CVE-2010-1411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1411 [ 4 ] CVE-2010-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2065 [ 5 ] CVE-2010-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2067 [ 6 ] CVE-2010-2233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2233 [ 7 ] CVE-2010-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2443 [ 8 ] CVE-2010-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2481 [ 9 ] CVE-2010-2482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2482 [ 10 ] CVE-2010-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2483 [ 11 ] CVE-2010-2595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2595 [ 12 ] CVE-2010-2596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2596 [ 13 ] CVE-2010-2597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2597 [ 14 ] CVE-2010-2630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2630 [ 15 ] CVE-2010-2631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2631 [ 16 ] CVE-2010-3087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3087 [ 17 ] CVE-2010-4665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4665 [ 18 ] CVE-2011-0192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192 [ 19 ] CVE-2011-0192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192 [ 20 ] CVE-2011-1167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167 [ 21 ] CVE-2011-1167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167 [ 22 ] CVE-2012-1173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1173 [ 23 ] CVE-2012-2088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2088 [ 24 ] CVE-2012-2113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2113 [ 25 ] CVE-2012-3401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3401 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201209-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:146 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libtiff Date : August 6, 2010 Affected: 2010.0, 2010.1 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in libtiff: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. (CVE-2010-2233). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2595 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2483 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2482 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: ceb7febb41b948977f6196b5bf31d538 2010.0/i586/libtiff3-3.9.1-4.1mdv2010.0.i586.rpm d38ee02dca1666e8d8f7c628e9debcbe 2010.0/i586/libtiff-devel-3.9.1-4.1mdv2010.0.i586.rpm e022bf3d3badddd3c480b4143a8cc2ec 2010.0/i586/libtiff-progs-3.9.1-4.1mdv2010.0.i586.rpm 6f18f9ce3d9582ea3f6f9ddd7b1680d8 2010.0/i586/libtiff-static-devel-3.9.1-4.1mdv2010.0.i586.rpm 69aa854e6935c2d111e44e84225f6f69 2010.0/SRPMS/libtiff-3.9.1-4.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 3965284cc51603cfdc0d9420104b8fd3 2010.0/x86_64/lib64tiff3-3.9.1-4.1mdv2010.0.x86_64.rpm 2768094532f4d1941ef66bae6da6ea15 2010.0/x86_64/lib64tiff-devel-3.9.1-4.1mdv2010.0.x86_64.rpm 2e08c6517abcf34dab75040fbee15212 2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.1mdv2010.0.x86_64.rpm 3c81e78d3c389abcc370add6af857d12 2010.0/x86_64/libtiff-progs-3.9.1-4.1mdv2010.0.x86_64.rpm 69aa854e6935c2d111e44e84225f6f69 2010.0/SRPMS/libtiff-3.9.1-4.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 0ddf3e069a91387a7d85ad5aacd1dd81 2010.1/i586/libtiff3-3.9.2-2.1mdv2010.1.i586.rpm 53d5d64cb3bb34a78d52776d42e0ed16 2010.1/i586/libtiff-devel-3.9.2-2.1mdv2010.1.i586.rpm e549b78e6658cb9a408454bf698e2ead 2010.1/i586/libtiff-progs-3.9.2-2.1mdv2010.1.i586.rpm 821179322f86ba6dcc96dd6afc48fd0f 2010.1/i586/libtiff-static-devel-3.9.2-2.1mdv2010.1.i586.rpm 31563b8124d1953b9c8849e0a63f5422 2010.1/SRPMS/libtiff-3.9.2-2.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: e858e4c72c5191395d4db7f994ffd7c4 2010.1/x86_64/lib64tiff3-3.9.2-2.1mdv2010.1.x86_64.rpm 6bdce5697bc818f57cb56d22ce989b30 2010.1/x86_64/lib64tiff-devel-3.9.2-2.1mdv2010.1.x86_64.rpm daaf9562d71e8076e87578f25b8dbebe 2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.1mdv2010.1.x86_64.rpm 36d9eef4dd2739944f05fe7edd4e76f8 2010.1/x86_64/libtiff-progs-3.9.2-2.1mdv2010.1.x86_64.rpm 31563b8124d1953b9c8849e0a63f5422 2010.1/SRPMS/libtiff-3.9.2-2.1mdv2010.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMXDLBmqjQ0CJFipgRAsxuAJ9WAKaIXwvgmXJzs8W+fgn2/2+E/gCg9RT9 1DtIJJ4PJJj+9xrl7Yhsyw8= =Ov4p -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-954-1 June 21, 2010 tiff vulnerabilities CVE-2010-1411, CVE-2010-2065, CVE-2010-2067 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.8 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.6 Ubuntu 9.04: libtiff4 3.8.2-11ubuntu0.9.04.6 Ubuntu 9.10: libtiff4 3.8.2-13ubuntu0.3 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.3 After a standard system update you need to restart your session to make all the necessary changes. Details follow: Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. (CVE-2010-1411) Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2065, CVE-2010-2067) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.diff.gz Size/MD5: 23040 b840c801a3d7fc4d0a1053d6fabbe707 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.dsc Size/MD5: 803 d68889478f2962e9b31033bebc892e89 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz Size/MD5: 1280113 02cf5c3820bda83b35bb35b45ae27005 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_amd64.deb Size/MD5: 221050 4d3f5ef363350aa5ade8af964f8cb3ab http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_amd64.deb Size/MD5: 282864 3ab150b16046d29337ba739f09ffee98 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_amd64.deb Size/MD5: 476068 717cb178af7ec2759268c50fd9257300 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_amd64.deb Size/MD5: 44808 e94b7ae7d8c4ed4125db7276f84df640 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_amd64.deb Size/MD5: 49990 ad2f88b3d31e6ce02cc727f834f67fa6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_i386.deb Size/MD5: 206022 713177b3875929efae2c3ff8089067a4 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_i386.deb Size/MD5: 259564 da2b2a54a49072deb1099928d4d21e4f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_i386.deb Size/MD5: 462376 7672d9dab7dfb1c1f80465aedb91c68e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_i386.deb Size/MD5: 44808 6b927f6f57aa78861af48514ddac5918 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_i386.deb Size/MD5: 49330 5206a97516a0b6f76e423c2f90b8cfee powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_powerpc.deb Size/MD5: 239948 68f3cdaac63717128344589f976ae975 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_powerpc.deb Size/MD5: 288748 96e81fafcef3b4245c80ced08cc5752a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_powerpc.deb Size/MD5: 476678 9ee3902c1570f7b9cb458e6ed844abb1 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_powerpc.deb Size/MD5: 47040 399804bdbcfbd3d38b976957ffec738b http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_powerpc.deb Size/MD5: 51672 ba92c41d9105bb80729ff263f7955e63 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_sparc.deb Size/MD5: 208940 c67ceaa5d1c09987d580c438874c17f6 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_sparc.deb Size/MD5: 270628 7df1a1ad75e42a84af970eab83163089 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_sparc.deb Size/MD5: 467240 2b85c23af3d8b6c9a82e65736949c131 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_sparc.deb Size/MD5: 44742 e69373d50bf9c942cbf6d8825bca352b http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_sparc.deb Size/MD5: 49878 e8d0bef67675fdb392e77625f435d219 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.diff.gz Size/MD5: 21457 7abcb4908ccce79993653514228664a7 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.dsc Size/MD5: 899 0a7f751ae5fd3a5cb4dbbef7ab8beba1 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_amd64.deb Size/MD5: 186468 23fd6541a3233e1bb4cda603aaa78284 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_amd64.deb Size/MD5: 571232 95be000d64194a48d01273015edde173 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_amd64.deb Size/MD5: 131246 c272d2494f48d401a6390ef591770e2a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_amd64.deb Size/MD5: 5074 aab0bfd607ea51554611263913f5de9a http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_amd64.deb Size/MD5: 10498 6ca030143c795181a60c4839614ab325 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_i386.deb Size/MD5: 175322 65ce19d8e649dd9213fdd45dfa10c090 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_i386.deb Size/MD5: 552732 64759cd5ab6f5f9b4afbc32dbbff901d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_i386.deb Size/MD5: 123000 f58e75e4d5e334b476fd100ba33edf72 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_i386.deb Size/MD5: 5042 586e14ed6fef1ce1eda11624b297f97f http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_i386.deb Size/MD5: 9940 65217cbdc3ed7c176ab115834d34030e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_lpia.deb Size/MD5: 177018 da50f84cda9ef32d65a5f28ac7e04d8c http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_lpia.deb Size/MD5: 555182 e7e9c90796c183e66bf34d72837e49c3 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_lpia.deb Size/MD5: 124212 e8439778d4c95a5ad750b9d69a6eb309 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_lpia.deb Size/MD5: 4916 09d01db63f70bd66c3a92720ad888281 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_lpia.deb Size/MD5: 9980 4bd91c80378208cd35678ead71081ab6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_powerpc.deb Size/MD5: 223478 71bdc0445e1e63b91ecd6d5cdb3d362c http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_powerpc.deb Size/MD5: 577308 c893f853e3d834379fe34e6d98541500 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_powerpc.deb Size/MD5: 134610 5ca1d77cac23b098008d3079e3d462a4 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_powerpc.deb Size/MD5: 7510 d920d8082d30de0499af5038556fbaa7 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_powerpc.deb Size/MD5: 13286 2cf13645039e3ef9ae085f33b709ec60 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_sparc.deb Size/MD5: 178868 16fd5d7a68d5c119f1cfcfbc7d0f720b http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_sparc.deb Size/MD5: 558590 cef1b1501e6b71beb717da7f110a9829 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_sparc.deb Size/MD5: 122704 1f07fe414230660e0608a4753f5fa456 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_sparc.deb Size/MD5: 4804 836d935afee73d163417e77eae1b5eba http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_sparc.deb Size/MD5: 10700 0ff671fb6a490f6bbf318bc566b9b68e Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.diff.gz Size/MD5: 41278 b5e24df5393ac8d3f0c4ea3f065ae4b3 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.dsc Size/MD5: 1367 fd03c6190254db93870f7ccd575272d1 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-11ubuntu0.9.04.6_all.deb Size/MD5: 334870 026f8704147696147176f69e92682c28 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_amd64.deb Size/MD5: 191638 c93bc89ad72f5c63476d9fe3ecf5ca0d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_amd64.deb Size/MD5: 250894 d997f30871a19214988da6cd251328b9 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_amd64.deb Size/MD5: 134574 80146acc32c9391baf2ce1c3a8e519c8 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_amd64.deb Size/MD5: 6284 bd1c39ad7746d911e30871c8939d3988 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_amd64.deb Size/MD5: 11902 d12ea8aabdc9a7e67d998115c49e902f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_i386.deb Size/MD5: 176254 38eef2617f8e1fc8b8fbfce314e0d3e9 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_i386.deb Size/MD5: 233732 1d104561bc6950d1b7cadbab771f353c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_i386.deb Size/MD5: 126548 22359cfdca9c56ff2fb01853315f2639 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_i386.deb Size/MD5: 6274 de4dccef0ce17f4a698aba609b33e73c http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_i386.deb Size/MD5: 11244 2297033448604abce36ceed918685799 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 178544 7895fa9f7ed7e6310953384cf14b44ac http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 236174 a49ffa36dcd626470f6406945f2a9b07 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 128182 c15737bbdb79e4ad6747ff1122c9010a http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 6132 6c41518edbf30a79fa5c619da6345a2c http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 11280 45e30b64c92200cc30ff35c076734f7c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 221288 3592d9842997a658007ac326caaed2a7 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 256768 834993c1049aca8c12420b92c92f28fb http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 137538 49b4a1e944f909ca495b525c2633a735 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 8730 01803cafeea784dbc818a5e0b280722f http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 14234 2ba3cc6f57abce5c990eef8d7c6fbceb sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 183806 f2a9bbe1f571d06e74fc955ac8f59b72 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 238044 12858b8bde77b383f1089e8989394b38 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 124424 bf09c05c0bc3ec5c21ebdefbb095faa6 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 5978 952a5bf270a59b0f873dd1c6a1f67175 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 12022 629b0b70778ecd8fe824f3254cf27b90 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.diff.gz Size/MD5: 41121 c0ab3072d29ea0360ba47217778d4901 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.dsc Size/MD5: 1343 03d22a022fc88888d9d8935e0df737bf http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.3_all.deb Size/MD5: 334670 5cc39d1960ed0eaa84b0cef574f9019a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 193172 904b26a40f81337d896afb4dc99b6dac http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 251358 a2c45975bc8789e05a1fac873c54afdb http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 135204 747b17ea960047cfe980951780e16343 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 6330 1784c3b86fe6a9a68f8411b7ad816d4a http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 12006 24240bf743cd23ce670b4b486a7408a6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 175842 008409a183baa37db8c1c45a8f094a44 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 231870 56bb188c4596af1b901be03032d9a617 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 124248 3708797ed53d0d0b58769ff729ff18c0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 6446 cb3263d1be21404f7cb72866fdf6ad2a http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 11302 628741204ad187f2d66f724c49ee47f7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 177048 64a59e0441238751d0e74e47e414d27e http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 234210 73343fb5872ff0d51c90ffc1cc841c9f http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 125892 2f7f51f21359bec31fdb219176d46517 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 6314 5bd86ff35a7592a8cb6cc4fe5a19073f http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 11342 36a53ad5737a7381f123f9ba65efb694 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 191502 c6b963c4009baaa04afe123c7ec99f9c http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 256282 8110d1fade42b772fbc2072ea209eb97 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 136778 dbba3ac2c70dbf380fe242bd68c53fa3 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 6736 1f111239548e12c69db166e59a190b3c http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 12086 0d49955b527ff8a6ff4943120ba553c5 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 184286 06388a8d95b34d4bfb7247c47c07906c http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 236968 4208eb62edba48bbd6d280eedda2a0a4 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 124514 a6446a90d3e9d5629f8105603c9474dd http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 6100 76a69eccc98c82be32b0481df58d3de9 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 12026 c23e8ab257390fe565ebf103a8edaeb9 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.diff.gz Size/MD5: 17310 779fdd57e79090bedcec10b26eaf08ec http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.dsc Size/MD5: 1339 7d001b20ea0677cb63bbb4becf8ff69f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz Size/MD5: 1419742 93e56e421679c591de7552db13384cb8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.3_all.deb Size/MD5: 342306 e17c62cb61768cd0885bd5c71caa7f67 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 252274 0b359ab56d43865968c690765ef96a23 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 269444 364252fef2d31f9a59be006a60c6794e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 148610 19d95336d35bffd635787ac1174c6716 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 6390 7236b5c267df2ae7fbb805768c4d6314 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 12034 ad15f0ac0f19016a4498c3f22f90de43 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 232412 def529fa30067e222a10ce03fb4651e2 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 246484 3f78b62e3e411a05fcf9f97a9f77f21c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 136176 0fae675d248b4ab7cf77018d860a55ce http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 6492 fb5a44eaef7ee218d83a4482bd331c69 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 11290 c9ee0da107d51715c41bc5513a302532 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 253470 7fbf59b850974984a419f752830da31b http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 275072 a174c0a69bbe402b3d17a0085e69952d http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 150222 e460e28329d5754c4670647d08a2c9fb http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 6774 f5f491424e932a100199e8274d7b8eef http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 12098 c18d01ecf566a05ef689b2224bf0c343 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 248748 fc6cc955db82161bffe7ebf0dd5a4aea http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 257150 ccb51b6b25aa92dc09140d0fda8ef2b5 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 142870 5644962072cf924c15a559f9a0f00ddc http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 6238 d11701e3eb25d8201e363314c5ea4bbb http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 11922 be82dd608f5e01be8117b48eaa567ca0

Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information. Attackers can exploit this issue to bypass certain security restrictions and edit user credentials. snom VoIP phone firmware versions prior to 8.2.35 are vulnerable. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Snom VoIP Phone Firmware User Interface Security Bypass SECUNIA ADVISORY ID: SA37635 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/37635/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=37635 RELEASE DATE: 2010-06-11 DISCUSS ADVISORY: http://secunia.com/advisories/37635/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/37635/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=37635 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is reported in 8.2 releases prior to 8.2.35. SOLUTION: Update to version 8.2.35. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message. An attacker can exploit this issue to cause active agents to logout, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCso89629. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml Affected Products ================= Cisco UCCX is an integrated "contact center in a box" solution for use in deployments of up to 300 agents. Vulnerable Products +------------------ The vulnerabilities described in this document affect the following products: * Cisco UCCX versions 5.x, 6.x, and 7.x * Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and 7.x * Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 5.x, 6.x, and 7.x Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. The CTI server is only started when the Integrated Call Distribution (ICD) license is enabled, Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) deployments are not affected by the CTI server DoS vulnerability. The CTI server listens by default on TCP port 42027, although the port number can be changed in the System Port Parameters screen. Directory Traversal Vulnerability +-------------------------------- A directory traversal vulnerability exists in the bootstrap service of the Cisco UCCX product that allows read access to any file on the system. This vulnerability is triggered by bootstrap messages addressed to TCP port 6295. The bootstrap service is used to keep the UCCX configuration synchronized across servers in a high-availability deployment model. All deployment modes can be affected, such as ICD, ICM and IP-IVR, but only if a second node has been added to the configuration. (Nodes can be listed using the Cisco UCCX Administration Web interface with the Server option in the System pull-down taskbar). A high-availability license is not required for a system to be vulnerable. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCso89629 - CTI Service DoS Vulnerability (UCCX) CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx76165 - Bootstrap Service Directory Traversal Vulnerability (UCCX) CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the Cisco UCCX CTI server DoS vulnerability will cause the agents to logout, and the Cisco UCCX server will be temporarily unavailable to agents until the node manager service and CTI server complete their automatic restart. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. Successful exploitation of the Cisco UCCX bootstrap service directory traversal vulnerability enables an unauthenticated attacker to read any file on the system. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The following tables indicate the versions of Cisco UCCX affected by the vulnerabilities described in this document. All the vulnerabilities are fixed in the latest versions of the products. CSCso89629 - CTI service DoS vulnerability (Cisco UCCX) +---------------------------------------------+ | Release | Vulnerable | First Fixed in | |---------+----------------+------------------| | 8.0 | Not vulnerable | | |---------+----------------+------------------| | 7.0 | Vulnerable | 7.0(1)SR4, 7.0 | | | | (2) | |---------+----------------+------------------| | 6.0 | Vulnerable | 6.0(1) SR1 | |---------+----------------+------------------| | 5.0 | Vulnerable | 5.0(2)SR3 | +---------------------------------------------+ CSCsx76165 - Bootstrap service information disclosure vulnerability (Cisco UCCX) +---------------------------------------------+ | Release | Vulnerable | First Fixed in | |---------+-------------+---------------------| | 8.0 | Not | | | | vulnerable | | |---------+-------------+---------------------| | 7.0 | Vulnerable | 7.0(1)SR2, 7.0(2) | |---------+-------------+---------------------| | 6.0 | Vulnerable | Update to a fixed | | | | release | |---------+-------------+---------------------| | 5.0 | Vulnerable | 5.0(2)SR3 | +---------------------------------------------+ Workarounds =========== There are no workarounds for these vulnerabilities. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20100609-uccx.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The DoS vulnerability was found during Cisco internal testing, and the bootstrap service directory traversal vulnerability was reported to the Cisco Technical Assistance Center (TAC) by a customer. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------------+ | Revision | 2010-June-09 | Initial public | | 1.0 | | release. | +---------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFMDsr986n/Gc8U/uARAjPCAJoDHkSUpMORQLoL4zxxrQ8QB1QGyACcDk8E NAOf5ZPRZU4uki85FJsRtzU= =z7OE -----END PGP SIGNATURE-----

Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls. Cisco AXP consists of Linux-based open Cisco ISR hardware modules for application development and hosting. The technical support shell can be accessed using the techsupport support shell command. The authenticated Cisco AXP user can use the API to execute commands on the Cisco ISR. The Cisco AXP 1.5 release requires AXP users to be set up in the ISR configuration before using the API to execute commands. Cisco Application Extension Platform (AXP) is prone to a remote privilege-escalation vulnerability. This issue is tracked by Cisco Bug ID CSCtb65413. An authenticated attacker can exploit this issue to gain administrative access to the affected application. This may lead to a full compromise of the affected computer or aid in further attacks. The following are vulnerable: Cisco Application Extension Platform 1.1 Cisco Application Extension Platform 1.1.5 (when upgraded from 1.1). Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCtb65413 - AXP techsupport shell privilege escalation vulnerabilities CVSS Base Score - 9 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may allow an authenticated user to obtain complete administrative access to a vulnerable Cisco Application Extension Platform module. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There is no workaround for this vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Cisco Application Extension Platform software version 1.1.7 can be downloaded at the following link: http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=1.1.7&mdfid=282831883&sftType=Application+Extension+Platform+Installation+Packages&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+Application+Extension+Platform+Version+1.1&treeMdfId=268437899&treeName=Routers&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by n.runs AG. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-axp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------------+ | Revision | 2010-June-09 | Initial puiblic | | 1.0 | | release. | +---------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD4DBQFMDswe86n/Gc8U/uARAsyIAJ9Xy21nCPKCfpqwjQCBD9nDnkeuyACWMBWR L6wENZxv1+jhhzroz0gEJg== =y/rh -----END PGP SIGNATURE-----

Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. WAP54Gv3 is prone to a remote security vulnerability. Linksys WAP54Gv3 firmware has multiple arbitrary command execution vulnerabilities. These parameters include: data2 parameter and data3 parameter of Debug_command_page.asp and debug.cgi

Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295. Cisco Unified Contact Center Express is prone to a directory-traversal vulnerability. An attacker can exploit this issue to view any file on the computer through the bootstrap service. Successful exploits may lead to other attacks. This issue is tracked by Cisco BugID CSCsx76165. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml Affected Products ================= Cisco UCCX is an integrated "contact center in a box" solution for use in deployments of up to 300 agents. Vulnerable Products +------------------ The vulnerabilities described in this document affect the following products: * Cisco UCCX versions 5.x, 6.x, and 7.x * Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and 7.x * Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 5.x, 6.x, and 7.x Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Denial of Service Vulnerabilities +-------------------------------- A DoS vulnerability exists in the computer telephony integration (CTI) server component of the Cisco UCCX product. The CTI server is only started when the Integrated Call Distribution (ICD) license is enabled, Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) deployments are not affected by the CTI server DoS vulnerability. The CTI server listens by default on TCP port 42027, although the port number can be changed in the System Port Parameters screen. This vulnerability is triggered by malformed CTI messages addressed to the vulnerable systems that could cause the CTI server and the Cisco Unified CCX Node Manager to fail, and all active agents will be logged out. The DoS condition will be temporal and the Cisco UCCX system will become operational again once the node manager and the CTI server complete their automatic restart. This vulnerability is documented in Cisco Bug ID CSCso89629 and has been assigned CVE ID CVE-2010-1570. This vulnerability is triggered by bootstrap messages addressed to TCP port 6295. The bootstrap service is used to keep the UCCX configuration synchronized across servers in a high-availability deployment model. All deployment modes can be affected, such as ICD, ICM and IP-IVR, but only if a second node has been added to the configuration. (Nodes can be listed using the Cisco UCCX Administration Web interface with the Server option in the System pull-down taskbar). A high-availability license is not required for a system to be vulnerable. This vulnerability is documented in Cisco Bug ID CSCsx76165 and has been assigned CVE ID CVE-2010-1571. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCso89629 - CTI Service DoS Vulnerability (UCCX) CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx76165 - Bootstrap Service Directory Traversal Vulnerability (UCCX) CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the Cisco UCCX CTI server DoS vulnerability will cause the agents to logout, and the Cisco UCCX server will be temporarily unavailable to agents until the node manager service and CTI server complete their automatic restart. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The following tables indicate the versions of Cisco UCCX affected by the vulnerabilities described in this document. All the vulnerabilities are fixed in the latest versions of the products. CSCso89629 - CTI service DoS vulnerability (Cisco UCCX) +---------------------------------------------+ | Release | Vulnerable | First Fixed in | |---------+----------------+------------------| | 8.0 | Not vulnerable | | |---------+----------------+------------------| | 7.0 | Vulnerable | 7.0(1)SR4, 7.0 | | | | (2) | |---------+----------------+------------------| | 6.0 | Vulnerable | 6.0(1) SR1 | |---------+----------------+------------------| | 5.0 | Vulnerable | 5.0(2)SR3 | +---------------------------------------------+ CSCsx76165 - Bootstrap service information disclosure vulnerability (Cisco UCCX) +---------------------------------------------+ | Release | Vulnerable | First Fixed in | |---------+-------------+---------------------| | 8.0 | Not | | | | vulnerable | | |---------+-------------+---------------------| | 7.0 | Vulnerable | 7.0(1)SR2, 7.0(2) | |---------+-------------+---------------------| | 6.0 | Vulnerable | Update to a fixed | | | | release | |---------+-------------+---------------------| | 5.0 | Vulnerable | 5.0(2)SR3 | +---------------------------------------------+ Workarounds =========== There are no workarounds for these vulnerabilities. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20100609-uccx.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------------+ | Revision | 2010-June-09 | Initial public | | 1.0 | | release. | +---------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFMDsr986n/Gc8U/uARAjPCAJoDHkSUpMORQLoL4zxxrQ8QB1QGyACcDk8E NAOf5ZPRZU4uki85FJsRtzU= =z7OE -----END PGP SIGNATURE-----

Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter. Juniper Networks IVE OS is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are also possible. IVE OS 6.5R1.0 and 6.5R2.0 are vulnerable; prior versions may also be affected. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Juniper IVE OS Redirection Weakness SECUNIA ADVISORY ID: SA40117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40117/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40117 RELEASE DATE: 2010-06-11 DISCUSS ADVISORY: http://secunia.com/advisories/40117/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40117/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40117 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Richard Brain has reported a weakness in Juniper IVE OS, which can be exploited by malicious people to conduct redirection attacks. The weakness is caused due to the homepage.cgi script allowing to redirect users to a site specified by an attacker. This can be exploited to e.g. redirect users to an (untrusted) fake site. The weakness is reported in version 6.5R1 (Build 14599) and version 6.5R2 (Build 14951) using Model SA-2000. SOLUTION: Update to version 6.5R3.1 (build 15255). PROVIDED AND/OR DISCOVERED BY: Richard Brain, ProCheckUp Ltd ORIGINAL ADVISORY: Juniper: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-05-751&viewMode=view ProCheckUp Ltd: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. (1) Debug_command_page.asp and debug.cgi to data1 parameters (2) Debug_command_page.asp and debug.cgi to data2 parameters (3) Debug_command_page.asp and debug.cgi to data3 parameters. Successful attacks allow an attacker to gain access to the device. Linksys WAP54Gv3 wireless router devices are prone to a security-bypass vulnerability because they allow access to debugging scripts through hard coded credentials. The following firmware versions are vulnerable: 3.05.03 (Europe) 3.04.03 (US) Other versions or devices may also be affected. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Linksys WAP54G Undocumented Debug Interface Vulnerability SECUNIA ADVISORY ID: SA40103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40103 RELEASE DATE: 2010-06-10 DISCUSS ADVISORY: http://secunia.com/advisories/40103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Cristofaro Mune has reported a vulnerability in Linksys WAP54G, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to the device containing the undocumented "Debug_command_page.asp" and "debug.cgi" debug scripts. This can be exploited to e.g. gain root access by accessing the debug scripts using hard-coded credentials. The vulnerability is reported in version 3.05.03 and 3.04.03. Note: Reportedly, this only affects devices running a firmware approved for EMEA (Europe, Middle East, and Africa). SOLUTION: Restrict access using a proxy or firewall. PROVIDED AND/OR DISCOVERED BY: Cristofaro Mune ORIGINAL ADVISORY: http://www.icysilence.org/?p=268 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Motorola SB5101 is a cable modem. Motorola SB5101 Hax0rware has multiple security vulnerabilities that allow remote attackers to perform denial of service attacks on devices. - Unverified attackers can send multiple log reset requests to the eventlog.cgi script to restart the device and cause a denial of service attack. - The unauthenticated attacker sends a GET request with more than 1 byte but no correct request line to the device 80 port, such as [ GET /somepath/file.cgi ], the http daemon crashes. Motorola SB5101 Haxorware Firmware is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause the application to crash, resulting in a denial-of-service condition. Haxorware 1.1 R30, 1.1 R32 and 1.1 R39 are vulnerable; other versions may also be affected

Collaboration Common Utility, a component of multiple Hitachi products, is vulnerable to stack-based buffer overflow when the Drag and Drop Component for Collaboration feature is also installed.No details available.