VARIoT IoT vulnerabilities database
| VAR-200811-0316 | CVE-2008-4229 | Apple iPhone OS of Passcode Lock Race condition vulnerability |
CVSS V2: 3.7 CVSS V3: - Severity: LOW |
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. The password lock function is used to prevent unauthorized startup of applications. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0317 | CVE-2008-4230 | Apple iPhone OS of Passcode Lock In SMS Message displayed vulnerability |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
This is related to vulnerability #10 in:
SA32222
6) A weakness exists in the handling of emergency calls, which can be
exploited to bypass the Passcode lock and call arbitrary numbers when
physical access to the device is provided.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0315 | CVE-2008-4228 | Apple iPhone OS of Passcode Lock Vulnerabilities that allow emergency calls to any number |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. The iPhone allows emergency calls while locked. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0314 | CVE-2008-4227 | Apple iPhone OS In PPTP VPN Connection hijack vulnerability related to connection encryption |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
This is related to vulnerability #10 in:
SA32222
6) A weakness exists in the handling of emergency calls, which can be
exploited to bypass the Passcode lock and call arbitrary numbers when
physical access to the device is provided.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0011 | CVE-2008-1586 | Apple iPhone OS of ImageIO In Service operation interruption (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. A memory exhaustion vulnerability exists in the way TIFF graphics are handled, and viewing specially crafted TIFF graphics may cause the device to restart unexpectedly. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
This is related to vulnerability #10 in:
SA32222
6) A weakness exists in the handling of emergency calls, which can be
exploited to bypass the Passcode lock and call arbitrary numbers when
physical access to the device is provided.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0451 | No CVE | 3Com AP 8760 bypasses authentication, leaking passwords, and SNMP injection vulnerabilities |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
3Com Wireless 8760 Dual-Radio 11a/b/g PoE is a wireless access router for all types of businesses. The HTTP authentication mechanism of the 3Com AP 8760 is as follows: 1. The router checks whether the credentials submitted by the user are valid. 2. If valid, the router's web interface redirects the user to a URL that is only available to authenticated administrative users. Each time an authenticated URL is accessed, no authentication data is sent in the HTTP request, including the password or session ID. The AP simply uses the administrator's source IP address as the authentication data. That is to say, the authentication status only depends on the assumption that the attacker does not know the URL after authentication and the administrator does not share the same source IP address. As long as the administrator URL is accessed from a browser with the same IP address (such as by sharing the same proxy or NAT IP address), the authentication check can be completely bypassed. If you submit a malicious request to the 3Com AP 8760 router, you may also return sensitive data, including the administrator password, on some pages. When changing the system name via SNMP, if a cross-site scripting load is injected on a page such as a login page, the administrator password can be redirected to its own site by overwriting the operational properties of the login form.
Successfully exploiting these issues will allow an attacker to obtain administrative credentials, bypass security mechanisms, or run attacker-supplied HTML and script code in the context of the web administration interface. The attacker may then be able to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible
| VAR-200901-0056 | CVE-2008-5849 | Check Point VPN-1 Intranet IP Address disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264. Check Point VPN-1 is prone to an information-disclosure weakness.
An attacker can exploit this issue to learn the IP of devices on the internal network. This may aid in further attacks. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Checkpoint VPN-1 Information Disclosure Vulnerability
SECUNIA ADVISORY ID:
SA32728
VERIFY ADVISORY:
http://secunia.com/advisories/32728/
CRITICAL:
Not critical
IMPACT:
Exposure of system information
WHERE:
>From remote
SOFTWARE:
Check Point VPN-1/FireWall-1 NGX
http://secunia.com/advisories/product/6010/
Check Point VPN-1 UTM NGX
http://secunia.com/advisories/product/13346/
Check Point VPN-1 Power NGX
http://secunia.com/advisories/product/13348/
DESCRIPTION:
Tim Brown and Mark Lowe have reported a vulnerability in Checkpoint
VPN-1 products, which can be exploited by malicious people to
disclose certain system information.
The vulnerability is caused due to an error in the port address
translation (PAT) feature when responding with ICMP time exceeded
messages. This can be exploited to disclose e.g.
SOLUTION:
The vendor recommends to block ICMP errors.
PROVIDED AND/OR DISCOVERED BY:
Tim Brown and Mark Lowe, Portcullis Computer Security
ORIGINAL ADVISORY:
CheckPoint (Solution ID: sk36321):
https://supportcenter.checkpoint.com/supportcenter/index.jsp
Portcullis Computer Security:
http://www.portcullis.co.uk/293.php
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200902-0395 | CVE-2008-6122 | Netgear WGR614 of Web Service disruption in the management interface (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). NETGEAR WGR614 is prone to a denial-of-service vulnerability that occurs in the administration web interface. NETGEAR WGR614 is a small wireless broadband router. WGR614 routers have loopholes when processing malformed requests. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Netgear WGR614 Web Interface Request Denial of Service
SECUNIA ADVISORY ID:
SA32716
VERIFY ADVISORY:
http://secunia.com/advisories/32716/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
Netgear WGR614v9
http://secunia.com/advisories/product/20525/
DESCRIPTION:
sr. has reported a vulnerability in Netgear WGR614v9, which can be
exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Restrict access to the web interface.
PROVIDED AND/OR DISCOVERED BY:
sr.
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065619.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0218 | CVE-2008-5041 | Sweex RO002 Router Vulnerabilities that gain access |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Successful exploitation will allow attackers to gain access to the router's web configuration interface.
RO002 Router with firmware Ts03-072 is vulnerable; other versions may be affected as well. Sweex RO002 is a broadband router mainly used in Europe. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Sweex RO002 Router Undocumented Account Security Issue
SECUNIA ADVISORY ID:
SA32623
VERIFY ADVISORY:
http://secunia.com/advisories/32623/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Sweex RO002 Router
http://secunia.com/advisories/product/20462/
DESCRIPTION:
Rob Stout has reported a security issue in the Sweex RO002 Router,
which can be exploited by malicious people to bypass certain security
restrictions. modify the configuration.
The security issue is reported in firmware version Ts03-072.
Reportedly, the vendor is working on a fix.
PROVIDED AND/OR DISCOVERED BY:
Rob Stout
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200908-0021 | CVE-2008-6916 | NetPort Software Comes with Siemens SpeedStream 5200 Vulnerabilities that bypass authentication |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. Siemens SpeedStream 5200 are prone to an authentication-bypass vulnerability that may allow attackers to gain unauthorized administrative access to a router's administration interface. SpeedStream 5200 is an ADSL router suitable for small and medium enterprises. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Siemens SpeedStream 5200 "Host" Header Authentication Bypass
SECUNIA ADVISORY ID:
SA32635
VERIFY ADVISORY:
http://secunia.com/advisories/32635/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Siemens SpeedStream 5200
http://secunia.com/advisories/product/20486/
DESCRIPTION:
hkm has reported a vulnerability in Siemens SpeedStream 5200, which
can be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to an error in the authentication
process when processing HTTP "Host" headers. This can be exploited to
bypass authentication and e.g. download the router configuration via
an HTTP request containing a wrong "Host" header.
SOLUTION:
Restrict access to the affected device.
PROVIDED AND/OR DISCOVERED BY:
hkm
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/7055
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0453 | No CVE | Siemens SpeedStream 5200 Host Header Bypass Authentication Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SpeedStream 5200 is an ADSL router for SMEs.
The authentication process of the SpeedStream 5200 router does not properly verify the HTTP Host header. A remote attacker can bypass the authentication by sending a malicious HTTP request to download the router information.
| VAR-200811-0201 | CVE-2008-4387 | SAP AG SAPgui 'mdrmsap.dll' ActiveX Control Remote Code Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. SAP AG SAPgui is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA32682
VERIFY ADVISORY:
http://secunia.com/advisories/32682/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
SAP GUI 6.x
http://secunia.com/advisories/product/3337/
SAP GUI 7.x
http://secunia.com/advisories/product/16959/
DESCRIPTION:
A vulnerability has been reported in SAPgui, which can be exploited
by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error in the
bundled MDrmSap ActiveX control (mdrmsap.dll). This can be exploited
to compromise a user's system by e.g. tricking the user into visiting
a malicious website.
SOLUTION:
The vendor has reportedly issued a patch via SAP Note 1142431.
http://service.sap.com/sap/support/notes/1142431
PROVIDED AND/OR DISCOVERED BY:
Will Dormann, CERT/CC.
ORIGINAL ADVISORY:
US-CERT VU#277313:
http://www.kb.cert.org/vuls/id/277313
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0398 | CVE-2008-5230 | Of unspecified Cisco products and other vendor products TKIP Packet decryption in / Impersonation and ARP Vulnerability such as performing poisoning |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. Wi-Fi Protected Access (WPA) Encryption Standard is prone to an encryption-bypass vulnerability that affects the Temporal Key Integrity Protocol (TKIP) key.
Attackers can exploit this issue to overcome the WPA encryption algorithm and read encrypted data sent from a wireless router to a computer. This may allow attackers to obtain potentially sensitive information; other attacks are also possible. If a remote attacker sends a specially crafted playback message, it may be easier to crack the client's packets, and then perform ARP spoofing or other attacks. Please note that this attack is not a key recovery attack. The attacker can only recover the key used to authenticate the message but not the key used to encrypt and obfuscate data, and can only use the recovered key to forge captured packets. Wen, with a window of opportunity of up to 7 attempts. Each attack can only decrypt one message, and the time spent is about 12-15 minutes
| VAR-200904-0147 | CVE-2008-6720 |
DeltaScripts PHP Links of admin/adm_login.php In SQL Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-200801-0039, VAR-E-200811-0117 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field). DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP Links 1.3 is vulnerable; other versions may also be affected
| VAR-200811-0138 | CVE-2008-4963 |
Cisco IOS and CatOS In VTP Interfering with service operations related to packet processing (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200811-1138 |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. Cisco IOS and CatOS are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCsv05934 and CSCsv11741. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Cisco IOS / CatOS VLAN Trunking Protocol Vulnerability
SECUNIA ADVISORY ID:
SA32573
VERIFY ADVISORY:
http://secunia.com/advisories/32573/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
Cisco Catalyst 6500 Series 12.x
http://secunia.com/advisories/product/15864/
Cisco CATOS 5.x
http://secunia.com/advisories/product/526/
Cisco CATOS 6.x
http://secunia.com/advisories/product/527/
Cisco CATOS 7.x
http://secunia.com/advisories/product/185/
Cisco CATOS 8.x
http://secunia.com/advisories/product/3564/
Cisco IOS 10.x
http://secunia.com/advisories/product/184/
Cisco IOS 11.x
http://secunia.com/advisories/product/183/
Cisco IOS 12.x
http://secunia.com/advisories/product/182/
Cisco IOS R11.x
http://secunia.com/advisories/product/53/
Cisco IOS R12.x
http://secunia.com/advisories/product/50/
Cisco IOS XR 3.x
http://secunia.com/advisories/product/4907/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS/CatOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error in the
handling of VLAN Trunking Protocol (VTP) packets.
Successful exploitation requires that "VTP Operating Mode" is set to
"server" or "client".
SOLUTION:
Apply configuration best practices to limit exposure to exploitation
(please see the vendor advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits showrun.lee.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0092 | CVE-2008-4956 | fwb_install in fwbuilder Vulnerable to overwriting arbitrary files |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file. Fwbuilder is prone to a local security vulnerability. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Firewall Builder: Privilege escalation
Date: January 23, 2012
Bugs: #235809, #285861
ID: 201201-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Insecure temporary file usage in Firewall Builder could allow attackers
to overwrite arbitrary files.
Background
==========
Firewall Builder is a GUI for easy management of multiple firewall
platforms.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-firewall/fwbuilder < 3.0.7 >= 3.0.7
Description
===========
Two vulnerabilities in Firewall Builder allow the iptables and
fwb_install scripts to use temporary files insecurely.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Firewall Builder users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since March 09, 2010. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2008-4956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4956
[ 2 ] CVE-2009-4664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4664
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-200810-0643 | CVE-2008-4309 |
net-snmp of netsnmp_create_subtree_cache Integer overflow vulnerability in functions
Related entries in the VARIoT exploits database: VAR-E-200810-0809 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. net-snmp of netsnmp_create_subtree_cache Functions include SNMP GETBULK An integer overflow vulnerability exists due to a flaw in processing requests.Crafted by a third party SNMP GETBULK Service interruption due to request (DoS) There is a possibility of being put into a state. Net-SNMP is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.
This issue affects versions *prior to* the following:
Net-SNMP 5.2.5.1
Net-SNMP 5.3.2.3
Net-SNMP 5.4.2.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200901-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Net-SNMP: Denial of Service
Date: January 21, 2009
Bugs: #245306
ID: 200901-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability in Net-SNMP could lead to a Denial of Service.
Background
==========
Net-SNMP is a collection of tools for generating and retrieving SNMP
data.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/net-snmp < 5.4.2.1 >= 5.4.2.1
Description
===========
Oscar Mira-Sanchez reported an integer overflow in the
netsnmp_create_subtree_cache() function in agent/snmp_agent.c when
processing GETBULK requests. NOTE: The attacker needs to know the community string to
exploit this vulnerability.
Workaround
==========
Restrict access to trusted entities only.
Resolution
==========
All Net-SNMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1"
References
==========
[ 1 ] CVE-2008-4309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200901-15.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Affected packages:
Pardus 2008:
net-snmp, all before 5.4.1-7-3
net-snmptrap, all before 5.4.1-7-3
Resolution
==========
There are update(s) for net-snmp, net-snmptrap. You can update them via
Package Manager or with a single command from console:
pisi up net-snmp net-snmptrap
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8577
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4309
------------------------------------------------------------------------
--
Pardus Security Team
http://security.pardus.org.tr
_______________________________________________
Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station
(802.11n) Firmware 7.5.2
Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 is
now available and addresses the following:
CVE-ID: CVE-2008-4309
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may terminate the operation of the SNMP
service
Description: An integer overflow exists in the
netsnmp_create_subtree_cache function. By sending a maliciously
crafted SNMPv3 packet, an attacker may cause the SNMP server to
terminate, denying service to legitimate clients. By default, the
'WAN SNMP' configuration option is disabled, and the SNMP service is
accessible only to other devices on the local network. This issue is
addressed by applying the Net-SNMP patches.
CVE-ID: CVE-2009-2189
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: Receiving a large number of IPv6 Router Advertisement (RA)
and Neighbor Discovery (ND) packets from a system on the local
network may cause the base station to restart
Description: A resource consumption issue exists in the base
station's handling of Router Advertisement (RA) and Neighbor
Discovery (ND) packets. A system on the local network may send a
large number of RA and ND packets that could exhaust the base
station's resources, causing it to restart unexpectedly. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue.
CVE-ID: CVE-2010-0039
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: An attacker may be able to query services behind an AirPort
Base Station or Time Capsule's NAT from the source IP of the router,
if any system behind the NAT has a portmapped FTP server
Description: The AirPort Extreme Base Station and Time Capsule's
Application-Level Gateway (ALG) rewrites incoming FTP traffic,
including PORT commands, to appear as if it is the source. An
attacker with write access to an FTP server inside the NAT may issue
a malicious PORT command, causing the ALG to send attacker-supplied
data to an IP and port behind the NAT. As the data is resent from the
Base Station, it could potentially bypass any IP-based restrictions
for the service. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue.
CVE-ID: CVE-2009-1574
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference in racoon's handling of
fragmented ISAKMP packets may allow a remote attacker to cause an
unexpected termination of the racoon daemon. This issue is addressed
through improved validation of fragmented ISAKMP packets.
CVE-ID: CVE-2010-1804
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may cause the device to stop processing
network traffic
Description: An implementation issue exists in the network bridge.
Sending a maliciously crafted DHCP reply to the device may cause it
to stop responding to network traffic. This issue affects devices
that have been configured to act as a bridge, or are configured in
Network Address Translation (NAT) mode with a default host enabled.
By default, the device operates in NAT mode, and no default host is
configured. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.
Installation note for Firmware version 7.5.2
Firmware version 7.5.2 is installed into Time Capsule or AirPort Base
Station with 802.11n via AirPort Utility, provided with the device.
It is recommended that AirPort Utility 5.5.2 be installed before
upgrading to Firmware version 7.5.2.
AirPort Utility 5.5.2 may be obtained through Apple's Software
Download site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJNCWXyAAoJEGnF2JsdZQeevTQH/0856gTUzzmL371/nSkhn3qq
MCPQVaEMe8O/jy96nlskwzp3X0X0QmXePok1enp6QhDhHm0YL3a4q7YHd4zjm6mM
JUoVR4JJRSKOb1bVdEXqo+qG/PH7/5ywfrGas+MjOshMa3gnhYVee39N7Xtz0pHD
3ZllZRwGwad1sQLL7DhJKZ92z6t2GfHoJyK4LZNemkQAL1HyUu7Hj9SlljcVB+Ub
xNnpmBXJcCZzp4nRQM+fbLf6bdZ1ua5DTc1pXC8vETtxyHc53G/vLCu8SKBnTBlK
JmkpGwG5fXNuYLL8ArFUuEu3zhE7kfdeftUrEez3YeL2DgU9iB8m8RkuuSrVJEY=
=WPH8
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0001
Synopsis: ESX patches address an issue loading corrupt virtual
disks and update Service Console packages
Issue date: 2009-01-30
Updated on: 2009-01-30 (initial release of advisory)
CVE numbers: CVE-2008-4914 CVE-2008-4309 CVE-2008-4226
CVE-2008-4225
- ------------------------------------------------------------------------
1. Summary
Updated ESX patches address an issue loading corrupt
virtual disks and update Service Console packages
for net-snmp and libxml2.
2. Relevant releases
VMware ESXi 3.5 without patch ESXe350-200901401-I-SG
VMware ESX 3.5 without patches ESX350-200901401-SG,
ESX350-200901409-SG,
ESX350-200901410-SG
VMware ESX 3.0.3 without patches ESX303-200901405-SG,
ESX303-200901406-SG
VMware ESX 3.0.2 without patches ESX-1007673, ESX-1007674
NOTE: Extended support for ESX 3.5 Update 1 ends on 7/25/2009, users
should plan to upgrade to at least ESX 3.5 Update 2 by that
time.
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
Users should plan to upgrade to ESX 3.0.3 and preferably to
the newest release available.
3. Problem Description
a. Loading a corrupt delta disk may cause ESX to crash
If the VMDK delta disk of a snapshot is corrupt, an ESX host might
crash when the corrupted disk is loaded. VMDK delta files exist
for virtual machines with one or more snapshots. This change ensures
that a corrupt VMDK delta file cannot be used to crash ESX hosts.
A corrupt VMDK delta disk, or virtual machine would have to be loaded
by an administrator.
VMware would like to thank Craig Marshall for reporting this issue.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4914 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi ESXe350-200901401-I-SG
ESX 3.5 ESX ESX350-200901401-SG
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Updated Service Console package net-snmp
Net-SNMP is an implementation of the Simple Network Management
Protocol (SNMP). SNMP is used by network management systems to
monitor hosts.
A denial-of-service flaw was found in the way Net-SNMP processes
SNMP GETBULK requests. A remote attacker who issued a specially-
crafted request could cause the snmpd server to crash.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4309 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX ESX350-200901409-SG
ESX 3.0.3 ESX ESX303-200901405-SG
ESX 3.0.2 ESX ESX-1007673
ESX 2.5.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Updated Service Console package libxml2
An integer overflow flaw causing a heap-based buffer overflow was
found in the libxml2 XML parser. If an application linked against
libxml2 processed untrusted, malformed XML content, it could cause
the application to crash or, possibly, execute arbitrary code.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2008-4226 to this issue.
A denial of service flaw was discovered in the libxml2 XML parser.
If an application linked against libxml2 processed untrusted,
malformed XML content, it could cause the application to enter
an infinite loop.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4225 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX ESX350-200901410-SG
ESX 3.0.3 ESX ESX303-200901406-SG
ESX 3.0.2 ESX ESX-1007674
ESX 2.5.5 ESX affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESXi
----
ESXi 3.5 patch ESXe350-200901401-I-SG
http://download3.vmware.com/software/vi/ESXe350-200901401-O-SG.zip
md5sum: 588dc7bfdee4e4c5ac626906c37fc784
http://kb.vmware.com/kb/1006661
NOTE: The three ESXi patches for Firmware "I", VMware Tools "T," and
the VI Client "C" are contained in a single offline "O"
download file.
ESX
---
ESX 3.5 patch ESX350-200901401-SG (VMDK)
http://download3.vmware.com/software/vi/ESX350-200901401-SG.zip
md5sum: 2769ac30078656b01ca1e2fdfa3230e9
http://kb.vmware.com/kb/1006651
ESX 3.5 patch ESX350-200901409-SG (net-snmp)
http://download3.vmware.com/software/vi/ESX350-200901409-SG.zip
md5sum: 2c75cd848d9f3c51619b9a7bd60d20a3
http://kb.vmware.com/kb/1006659
ESX 3.5 patch ESX350-200901410-SG (libxml2)
http://download3.vmware.com/software/vi/ESX350-200901410-SG.zip
md5sum: 061f96373244e7eab3f0d5fe2415ce91
http://kb.vmware.com/kb/1006660
ESX 3.0.3 patch ESX303-200901405-SG (net-snmp)
http://download3.vmware.com/software/vi/ESX303-200901405-SG.zip
md5sum: 9983b63a1e2dc7fb3d80f0021c1c347c
http://kb.vmware.com/kb/1007681
ESX 3.0.3 patch ESX303-200901406-SG (libxml2)
http://download3.vmware.com/software/vi/ESX303-200901406-SG.zip
md5sum: 2d5a827ccaf406a54dd3a5affee39db0
http://kb.vmware.com/kb/1007682
ESX 3.0.2 patch ESX-1007673 (net-snmp)
http://download3.vmware.com/software/vi/ESX-1007673.tgz
md5sum: af4a36d2b4d731177210c789df844974
http://kb.vmware.com/kb/1007673
ESX 3.0.2 patch ESX-1007674 (libxml2)
http://download3.vmware.com/software/vi/ESX-1007674.tgz
md5sum: fb4b5e9a03dea5b9e24cc0766ddd2581
http://kb.vmware.com/kb/1007674
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
- ------------------------------------------------------------------------
6. Change log
2009-01-30 VMSA-2009-0001
Initial security advisory after release of patches for ESXi, ESX 3.5,
ESX 3.0.3, ESX 3.0.2 on 2009-01-30.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFJhAYnS2KysvBH1xkRAiqwAJ47A5mvajtIwB6kZCcNcvUGoraANACbBTsD
cgkdo5JKkJLgol+Y2VXW1co=
=PvKt
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ===========================================================
Ubuntu Security Notice USN-685-1 December 03, 2008
net-snmp vulnerabilities
CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libsnmp-perl 5.2.1.2-4ubuntu2.3
libsnmp9 5.2.1.2-4ubuntu2.3
Ubuntu 7.10:
libsnmp-perl 5.3.1-6ubuntu2.2
libsnmp10 5.3.1-6ubuntu2.2
Ubuntu 8.04 LTS:
libsnmp-perl 5.4.1~dfsg-4ubuntu4.2
libsnmp15 5.4.1~dfsg-4ubuntu4.2
Ubuntu 8.10:
libsnmp15 5.4.1~dfsg-7.1ubuntu6.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Wes Hardaker discovered that the SNMP service did not correctly validate
HMAC authentication requests. (CVE-2008-0960)
John Kortink discovered that the Net-SNMP Perl module did not correctly
check the size of returned values. If a user or automated system were
tricked into querying a malicious SNMP server, the application using
the Perl module could be made to crash, leading to a denial of service.
This did not affect Ubuntu 8.10. (CVE-2008-2292)
It was discovered that the SNMP service did not correctly handle large
GETBULK requests. (CVE-2008-4309)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.diff.gz
Size/MD5: 75402 9655d984a47cec8e27efa4db0b227870
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.dsc
Size/MD5: 838 17a17230a005c1acfd0569757e728fad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz
Size/MD5: 3869893 34159770a7fe418d99fdd416a75358b1
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 1152306 f7647cee4df8db87ab48c0d05635a973
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 822946 b9b852c188937d1fffc06d4da01325d5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 896620 a78012b3f0f13667081f97dc1a4d62e8
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1497194 7d55b8d1e4ae0c45753bedcf536a1a5a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1826252 0550c1401f9bbe5f345fd96484ed369c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 889330 5ad0ddb2c610973166e4dd07769ba3d3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 797086 18cf4210342b683d3ee24fe995329b55
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 896880 298d27ea1ece6e80bb8931b9a5e61961
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1268472 acbca43ab7ea747fa3e4636d15ef997c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1710342 bd27290685bcf1d6a23eb8705d3367e7
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 881838 58121bd9e4c845da7df4e540645e0e13
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 794672 221d1c554bd89f50dc3ac9108a6cef6b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 913064 45a033b01c4b31ef90a92988bb5fb229
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1590124 b62aa5477d9307d311c811298b7ec3d9
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1728094 5214ce9aebe3a8d7a28a1746a81ce8ea
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 898580 86e6c1b5dfb5bf91f63d7c6786b7abae
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 796092 1bab28407224f782b2c3ae04b4647333
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 896832 3d233db9682d5654fdad6bc6b5a649ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1485268 064304ead0ca4653136376e8e9039e74
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1706490 cb76027eb8167e0866a81b93a4da28ed
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 883182 d1ffc12427d92be51efdba3349e74f9a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 796374 0f3f749ebe4af6111fe49316639004e4
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.diff.gz
Size/MD5: 94646 8b6f9380d9f8c5514a1d4db729c6df04
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.dsc
Size/MD5: 1287 f53866efd3ae4f3c939a77b1005e1f11
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1.orig.tar.gz
Size/MD5: 4210843 360a9783dbc853bab6bda90d961daee5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 484306 f2d03276d1cdcef7e8b276ad8ca9595d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 901284 6889b371d4de92eb61bf83b89d8a8c37
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 2541692 1e6de4bd3c3baa444a2e1980a593a40e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 968940 7efe4bdcb99f311f1c4bb2c3b9d24a4e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 1200930 821861c24499cfdfa2a82c329c610c16
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 996572 00cc1a4c8c7924124984e666563e73d0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 908792 a40763280a3bdbe60eca5e07c5d6c30c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 2321524 59d44616802197e1227cf88abddefe36
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 967106 a6e5b308d889bdf6f5abe454e35ba474
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 1124462 ec99daa26d0fafba6e9f0b874a23bf3d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 991956 cb20b6a4d68a858ffa0846431169d411
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 907546 1ab5119e23a16e99203c113d49fc2723
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 2305548 da57690a3327196e0c3684735be23f2e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 968984 8da336a5fd871be10e6b8d66d3b9c9d3
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 1074500 e4d6690a6a6a543fc0244a29cd350c9b
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 989566 2d2f4b1662e6a2dffafe8e98f00a15e7
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 907596 4274e006754ebc836132166e0f0429a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 2641202 9b2ec56463ee715752b780aa332d8cd0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 985722 a2fca8426b7b51e98c39b91a468bf71f
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1154496 6073239f7ffead2a5b9c3357ada1602c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1018596 af12cc55597a0d2d3a92b4b5d683bb14
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 911866 57e2246930e712bdc1b039840d43af48
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 2527568 19b1a0971259a9b99f9c0386f5935bfc
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 970264 d8ae7f0bb10375ad487b14ba031cd013
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 1078842 2401fc4c40352b8c8013e8c5de3b0ecd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 995228 16b230d3c718d8eb4a023126bd09d7f5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 908708 1e410a8ddac41ad9faec901c5a638f29
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.diff.gz
Size/MD5: 78642 b4acf50e47be498e579b934f32081d25
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.dsc
Size/MD5: 1447 0abcea5df87851df2aae7ebd1fc00e7a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 526864 f3a131bf5a4f5c547573430cb66d410c
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 102072 2f276f50efdb7e34f7e61f132f7f7cd7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1796950 283c5a95206ab74062e0e30eba4e0890
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 142522 9fff294368a7eac39e37fa478ac6609d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1296694 d0646a1543c51f14a93b40f972bc1569
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 163178 0378a25e3b2a0bc80ddb8ec720b5557d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 75960 fcba461f2e2376cad515329791e04a17
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 38512 21d9ecbc86a8e5965047d027e94fd324
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1556806 39e4f63b841c4b36c022017d66c12f58
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 179478 5f08596ae997792920e238ff8cd2a7ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1098794 38bc61a5b403fb4f626a641a5f13e681
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 157954 66e38c37639f3c68e7e4a933fa953ff3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 74116 50b3a4d0cfd38585d2711d30cf725e9d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 75038 98cdeec4b1014568b00107a82fc74418
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1552018 d9dcab084f3b9bf3e8c36cb5db8f141e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 141508 96061180809cccc975e0d7079e07ed3e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1171530 2d91048fe0a2ac9e3a4fddb84c67513e
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 155564 c67ba3aeb2535ee3e7fc4c89e90ba36a
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 74274 db05202893f516398bbe4e2153ef2d6e
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 35552 a75caf212ffb5a0eafe4ba2656c9aae1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1874428 0ed8b5f4e6bad74d506d73447de00bd2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 158374 dfcd7c4455b4bbd3f746368058d09a59
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1238226 b5b3a81e956cdb14674d571694d1b6d0
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 185314 5e9d8bd56493f75ae8a8691c530aa420
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 83106 75dea32ec7152b7868fabf09d9d5a198
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 42928 214fe703fced2e387b48b51dcbb1d6b7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1760062 ade4c08289d947d092a5b2ab06517cc7
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 143860 62b7260d618531b0ed5e7871ab7b99a9
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1159702 28ea81660bbdd9d7982be58d225e8814
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 160236 196e493ce73905446a3764e73b99f332
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 75518 f24e4b0e3e4a7d97c28da99cdc0a47a5
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 38240 873f5e820e381ec2254ed520bcd09af0
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.diff.gz
Size/MD5: 82260 85fb58aa81933f142bd937bca2e18341
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.dsc
Size/MD5: 1956 1ee06f6b731eae435af6a2d438ef909b
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 527650 9c56f3d70018b714895a61c0daba9498
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 103060 108eb50387ca46b4ee38ebb8722ced88
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1815638 82385081fe2d4eeb1a6c94f9dae672ad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 146154 1b6249e02e89213f2f4d2aa9c9123420
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1315628 8443e091f2c63485a422236ad23e55cd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 165522 154a05824b98e041ceac60ac83709ef4
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 77914 8d6e328f309e78bf1fcf21c2633d82ec
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 39930 6b7a1a67ca63b5c843ce66f3547b3c89
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1569568 dd0599b150eccee9889325d17a7b0769
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 184264 52a54aebef81648164a5bc90f27b0cc5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1119072 10c81fe283b25e7ad31fcfd88a2325f0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 156112 6296f0836bc9797ff48810c79965c3a5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 74476 bd96a6915eb97fed083aac4daa5f07cf
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 77652 3e30e51c362dfa982a3b3197be081328
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1557614 065f4575c7a2d257fa6b5b9d0cee454f
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 144292 b55f2c4aff8a86499d7f38fd6e773f44
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1184272 84116fefdce279ce338ffc9614384c06
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 154444 ffe9e765a01695355bdb58008a2910f5
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 73746 762e75672fbd395d2d159513f5d572b0
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 36530 0a98b51b94a5f75d4131d657aa766579
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1884632 a3ad023841ee605efa1e055712b44d9a
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 161074 5586adea8200d2d5bf81f288b5bf7be2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1249636 48ec688499fea1dc0ccb3091c0158fb8
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 181952 8ef5f6b9b6c6b8e4fcd5cb37147304a2
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 81802 965218126fb5a49cfcd9e20afeb49782
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 43048 09f2f9ed9f519ca5723411802e46d48b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1759316 46455cc355c1b808243eada0f134d00b
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 145164 2cdb5b35db853c7c184a44022fc23cd8
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1159834 cfff424e5bff38bb3ef9419f03465388
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 163042 354f7a5423a34c411c5f8620c66d3e58
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 76994 ca11bcf9a411f618e35e1d6b6ab8c8f9
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 38526 172493ec5df1866e2633e074c7f38775
| VAR-200811-0097 | CVE-2008-4918 | SonicWALL Pro 2040 Used in SonicWALL SonicOS Enhanced Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking.". This vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link.The specific flaw exists in the default error page displayed when a user requests access to a web site that is blocked based on the devices content-filtering rules. Insufficient sanity checks allow an attacker to craft a URL that will trigger an error and simultaneously inject a malicious script. As the browser is unable to differentiate between content delivered from the original top level site requested and the inline device, the script injection occurs under the context of the target domain. This can result in various further compromise. SonicWALL Content Filtering is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input when displaying URI address data in a blocked-site error page.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of an arbitrary site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to SonicWALL Content Filtering on SonicOS Enhanced 4.0.1.1 are vulnerable. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
SonicWALL Products Content Filtering Service Cross-Site Scripting
SECUNIA ADVISORY ID:
SA32498
VERIFY ADVISORY:
http://secunia.com/advisories/32498/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
OPERATING SYSTEM:
SonicWALL TZ Series
http://secunia.com/advisories/product/4882/
SonicWALL Pro Series
http://secunia.com/advisories/product/232/
DESCRIPTION:
A vulnerability has been reported in various SonicWALL products,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed via a URL is not properly sanitised before being
returned in a Content Filtering Service message that a site is
blocked.
SOLUTION:
Update to SonicOS version 4.0.1.1 or later.
PROVIDED AND/OR DISCOVERED BY:
Adrian Pastor, reported via ZDI
ORIGINAL ADVISORY:
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
SonicWALL:
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-070
October 30, 2008
-- Affected Vendors:
SonicWALL
-- Affected Products:
SonicWALL Pro 2040
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 2023, 3886.
-- Vendor Response:
SonicWALL has issued an update to correct this vulnerability. More
details can be found at:
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
-- Disclosure Timeline:
2008-06-25 - Vulnerability reported to vendor
2008-10-30 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Adrian 'pagvac' Pastor | GNUCITIZEN | www.gnucitizen.org
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com
| VAR-200810-0196 | CVE-2008-3815 | Cisco PIX/ASA In VPN Vulnerability that bypasses authentication |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. Cisco PIX and ASA is prone to an authentication-bypass vulnerability.
Remote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks.
This issue is being monitored by Cisco Bug ID CSCsj25896. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services.
SOLUTION:
Update to fixed versions (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. This security
advisory outlines details of these vulnerabilities:
* Windows NT Domain Authentication Bypass Vulnerability
* IPv6 Denial of Service Vulnerability
* Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may
be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml.
Affected Products
=================
Vulnerable Products
+------------------
The following are the details about each vulnerability described within
this advisory. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
The following example demonstrates how Windows NT domain authentication
is configured using the command line interface (CLI) on the Cisco ASA:
aaa-server NTAuth protocol nt
aaa-server NTAuth (inside) host 10.1.1.4
nt-auth-domain-controller primary1
Alternatively, to see if a device is configured for Windows NT Domain
authentication use the
"show running-config | include nt-auth-domain-controller"
command.
This vulnerability does not affect devices configured only for IPv4.
Note: IPv6 functionality is turned off by default.
IPv6 is enabled on the Cisco ASA and Cisco PIX security appliance
using the "ipv6 address" interface command. To verify if a device
is configured for IPv6 use the "show running-config | include ipv6"
command.
Alternatively, you can display the status of interfaces configured for
IPv6 using the show ipv6 interface command in privileged EXEC mode, as
shown in the following example:
hostname# show ipv6 interface brief
outside [up/up]
unassigned
inside [up/up]
fe80::20d:29ff:fe1d:69f0
fec0::a:0:0:a0a:a70
dmz [up/up]
unassigned
In this example, the "outside" and "dmz" interfaces are not configured
for IPv6.
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
Cisco ASA security appliances may experience a memory leak that can be
triggered by a series of crafted packets. This memory leak occurs in the
initialization code for the hardware crypto accelerator. Devices that
are running software versions in the 8.0.x release are vulnerable.
Note: Cisco ASA appliances that are running software versions in the
7.0, 7.1, and 7.2 releases are not vulnerable.
Determination of Software Versions
+---------------------------------
The "show version" command-line interface (CLI) command can be used to
determine whether a vulnerable version of the Cisco PIX or Cisco ASA
software is running. The following example shows a Cisco ASA Security
Appliance that runs software release 8.0(4):
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
[...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to
manage their devices can find the version of the software displayed in
the table in the login window or in the upper left corner of the ASDM
window.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Firewall Services Module (FWSM) is not affected by any of
these vulnerabilities. Cisco PIX security appliances running versions
6.x are not vulnerable. No other Cisco products are currently known to
be affected by these vulnerabilities.
Details
=======
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities are independent of each other. NT Domain authentication is supported only for remote
access VPNs. Devices that are running software version
7.2(4)9 or 7.2(4)10 and configured for IPv6 may be vulnerable. This
vulnerability does not affect devices that are configured only for IPv4.
Note: Devices that are running software versions in the 7.0, 7.1, 8.0,
and 8.1 releases are not vulnerable.
To configure IPv6 on a Cisco ASA or Cisco PIX security appliance, at a
minimum, each interface needs to be configured with an IPv6 link-local
address. Additionally, you can add a global address to the interface.
Note: Only packets that are destined to the device (not transiting the
device) may trigger the effects of this vulnerability. These packets
must be destined to an interface configured for IPv6.
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
The Cisco ASA security appliances may experience a memory leak triggered
by a series of packets. This memory leak occurs in the initialization
code for the hardware crypto accelerator.
Note: Only packets destined to the device (not transiting the device)
may trigger this vulnerability.
The following Cisco ASA features use the services the crypto accelerator
provides, and therefore may be affected by this vulnerability:
* Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
* ASDM (HTTPS) Management Sessions
* Cut-Through Proxy for Network Access
* TLS Proxy for Encrypted Voice Inspection
* IP Security (IPsec) Remote Access and Site-to-site VPNs
* Secure Shell (SSH) Access
This vulnerability is documented in Cisco Bug ID CSCsj25896 and has
been assigned the Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-3817.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* Windows NT Domain Authentication Bypass Vulnerability (CSCsu65735)
CVSS Base Score - 4.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 3.7
Exploitability - High
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Cisco ASA may reload after receiving certain IPv6 packets (CSCsu11575)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Crypto Accelerator Memory Leak (CSCsj25896)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the VPN Authentication Bypass Vulnerability
may allow an attacker to successfully connect to the Cisco ASA via
remote access IPSec or SSL-based VPN. The Denial of Service (DoS)
vulnerabilities may cause a reload of the affected device. Repeated
exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
The following list contains the first fixed software release of each
vulnerability:
+----------------------------------------+
| | Affected | First |
| Vulnerability | Release | Fixed |
| | | Version |
|----------------+----------+------------|
| | 7.0 | 7.0(8)3 |
| |----------+------------|
| Windows NT | 7.1 | 7.1(2)78 |
|Domain |----------+------------|
| Authentication | 7.2 | 7.2(4)16 |
|Bypass |----------+------------|
| Vulnerability | 8.0 | 8.0(4)6 |
| |----------+------------|
| | 8.1 | 8.1(1)13 |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| | | Vulnerable |
|IPv6 Denial of |----------+------------|
| Service | 7.2 | 7.2(4)11 |
|Vulnerability |----------+------------|
| | 8.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 8.1 | Not |
| | | Vulnerable |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| Crypto | | Vulnerable |
|Accelerator |----------+------------|
| Memory Leak | 7.2 | Not |
| Vulnerability | | Vulnerable |
| |----------+------------|
| | 8.0 | 8.0(4) |
| |----------+------------|
| | 8.1 | 8.1(2) |
+----------------------------------------+
The following maintenance software releases are the first software
releases that contain the fixes for the vulnerabilities mentioned in
this Security Advisory:
Fixed PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fix ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
For the "Windows NT Domain Authentication Bypass Vulnerability", only
interim fixed software is currently available. Customers wishing to
upgrade to a fixed version instead of applying a workaround may download
PIX and ASA interim versions from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT?psrtdcat20e2
Workarounds
===========
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities and their respective workarounds are independent
of each other.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
LDAP authentication is not affected by this vulnerability.
Note: For more information about support for a specific AAA server
type, refer to the following link:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1069492
IPv6 Denial of Service Vulnerability
+-----------------------------------
Customers that do not require IPv6 functionality on their devices can
use the "no ipv6 address" interface sub-command to disable processing of
IPv6 packets and eliminate their exposure
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
There are no workarounds for this vulnerability.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software
upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's worldwide
website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through prior
or existing agreements with third-party support organizations, such
as Cisco Partners, authorized resellers, or service providers should
contact that support organization for guidance and assistance with the
appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or fix
is the most appropriate for use in the intended network before it is
deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service
contract, and customers who purchase through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale
should acquire upgrades by contacting the Cisco Technical Assistance
Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to a
free upgrade. Free upgrades for non-contract customers must be requested
through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during the
resolution of a technical support service request.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following
e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2008-October-22 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2007-2008 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
Updated: Oct 22, 2008 Document ID: 108009
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkj/S+kACgkQ86n/Gc8U/uAw4gCePvCNEXPlmyKTJaXsjCs6lJHp
tGIAnR507Su0d3whQe31Igigg3xQjC1z
=4yFl
-----END PGP SIGNATURE-----
| VAR-200810-0197 | CVE-2008-3816 | Cisco PIX/ASA In IPv6 Service disruption related to packet processing (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. This issue is documented in Cisco Bug ID CSCsu11575.
NOTE: IPv6 is not configured by default on the devices listed above. Devices that do not support the TTL decrement feature are not vulnerable.
The vulnerability is reported in version 7.2(4)9 and 7.2(4)10.
NOTE: 7.0, 7.1, 8.0, and 8.1 releases are reportedly not affected.
SOLUTION:
Update to version 7.2(4)11.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. This security
advisory outlines details of these vulnerabilities:
* Windows NT Domain Authentication Bypass Vulnerability
* IPv6 Denial of Service Vulnerability
* Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may
be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml.
Affected Products
=================
Vulnerable Products
+------------------
The following are the details about each vulnerability described within
this advisory.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
Because of a Microsoft Windows NT Domain authentication issue the Cisco
ASA and Cisco PIX devices may be susceptible to a VPN authentication
bypass vulnerability. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
The following example demonstrates how Windows NT domain authentication
is configured using the command line interface (CLI) on the Cisco ASA:
aaa-server NTAuth protocol nt
aaa-server NTAuth (inside) host 10.1.1.4
nt-auth-domain-controller primary1
Alternatively, to see if a device is configured for Windows NT Domain
authentication use the
"show running-config | include nt-auth-domain-controller"
command.
Alternatively, you can display the status of interfaces configured for
IPv6 using the show ipv6 interface command in privileged EXEC mode, as
shown in the following example:
hostname# show ipv6 interface brief
outside [up/up]
unassigned
inside [up/up]
fe80::20d:29ff:fe1d:69f0
fec0::a:0:0:a0a:a70
dmz [up/up]
unassigned
In this example, the "outside" and "dmz" interfaces are not configured
for IPv6. This memory leak occurs in the
initialization code for the hardware crypto accelerator. Devices that
are running software versions in the 8.0.x release are vulnerable.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Firewall Services Module (FWSM) is not affected by any of
these vulnerabilities. No other Cisco products are currently known to
be affected by these vulnerabilities.
Details
=======
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities are independent of each other.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
Because of a Microsoft Windows NT Domain authentication issue the Cisco
ASA and Cisco PIX devices may be susceptible to a VPN authentication
bypass vulnerability.
The Cisco ASA security appliance supports Microsoft Windows server
operating systems that support NTLM version 1, collectively referred to
as "NT servers". NT Domain authentication is supported only for remote
access VPNs.
Note: Devices that are running software versions in the 7.0, 7.1, 8.0,
and 8.1 releases are not vulnerable. Additionally, you can add a global address to the interface.
Note: Only packets that are destined to the device (not transiting the
device) may trigger the effects of this vulnerability. This memory leak occurs in the initialization
code for the hardware crypto accelerator.
Note: Only packets destined to the device (not transiting the device)
may trigger this vulnerability.
The following Cisco ASA features use the services the crypto accelerator
provides, and therefore may be affected by this vulnerability:
* Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
* ASDM (HTTPS) Management Sessions
* Cut-Through Proxy for Network Access
* TLS Proxy for Encrypted Voice Inspection
* IP Security (IPsec) Remote Access and Site-to-site VPNs
* Secure Shell (SSH) Access
This vulnerability is documented in Cisco Bug ID CSCsj25896 and has
been assigned the Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-3817.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* Windows NT Domain Authentication Bypass Vulnerability (CSCsu65735)
CVSS Base Score - 4.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 3.7
Exploitability - High
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Cisco ASA may reload after receiving certain IPv6 packets (CSCsu11575)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Crypto Accelerator Memory Leak (CSCsj25896)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the VPN Authentication Bypass Vulnerability
may allow an attacker to successfully connect to the Cisco ASA via
remote access IPSec or SSL-based VPN. Repeated
exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
The following list contains the first fixed software release of each
vulnerability:
+----------------------------------------+
| | Affected | First |
| Vulnerability | Release | Fixed |
| | | Version |
|----------------+----------+------------|
| | 7.0 | 7.0(8)3 |
| |----------+------------|
| Windows NT | 7.1 | 7.1(2)78 |
|Domain |----------+------------|
| Authentication | 7.2 | 7.2(4)16 |
|Bypass |----------+------------|
| Vulnerability | 8.0 | 8.0(4)6 |
| |----------+------------|
| | 8.1 | 8.1(1)13 |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| | | Vulnerable |
|IPv6 Denial of |----------+------------|
| Service | 7.2 | 7.2(4)11 |
|Vulnerability |----------+------------|
| | 8.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 8.1 | Not |
| | | Vulnerable |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| Crypto | | Vulnerable |
|Accelerator |----------+------------|
| Memory Leak | 7.2 | Not |
| Vulnerability | | Vulnerable |
| |----------+------------|
| | 8.0 | 8.0(4) |
| |----------+------------|
| | 8.1 | 8.1(2) |
+----------------------------------------+
The following maintenance software releases are the first software
releases that contain the fixes for the vulnerabilities mentioned in
this Security Advisory:
Fixed PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fix ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
For the "Windows NT Domain Authentication Bypass Vulnerability", only
interim fixed software is currently available. Customers wishing to
upgrade to a fixed version instead of applying a workaround may download
PIX and ASA interim versions from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT?psrtdcat20e2
Workarounds
===========
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities and their respective workarounds are independent
of each other.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
LDAP authentication is not affected by this vulnerability. As a
workaround, you can enable a different type of external authentication
for Remote Access VPN instead of Windows NT Domain authentication.
Note: For more information about support for a specific AAA server
type, refer to the following link:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1069492
IPv6 Denial of Service Vulnerability
+-----------------------------------
Customers that do not require IPv6 functionality on their devices can
use the "no ipv6 address" interface sub-command to disable processing of
IPv6 packets and eliminate their exposure
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
There are no workarounds for this vulnerability.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software
upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's worldwide
website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through prior
or existing agreements with third-party support organizations, such
as Cisco Partners, authorized resellers, or service providers should
contact that support organization for guidance and assistance with the
appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or fix
is the most appropriate for use in the intended network before it is
deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service
contract, and customers who purchase through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale
should acquire upgrades by contacting the Cisco Technical Assistance
Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to a
free upgrade. Free upgrades for non-contract customers must be requested
through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during the
resolution of a technical support service request.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following
e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2008-October-22 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2007-2008 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
Updated: Oct 22, 2008 Document ID: 108009
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkj/S+kACgkQ86n/Gc8U/uAw4gCePvCNEXPlmyKTJaXsjCs6lJHp
tGIAnR507Su0d3whQe31Igigg3xQjC1z
=4yFl
-----END PGP SIGNATURE-----