VARIoT IoT vulnerabilities database

SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the username parameter of POST requests to the forget.php script. Symantec Web Gateway is a Web security gateway hardware appliance. Attackers can obtain sensitive information or manipulate the database through SQL injection attacks. Exploiting this issue could allow an attacker to compromise the device, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Web Gateway Management Interface "username" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45146 RELEASE DATE: 2011-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/45146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Web Gateway, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 4.5.x. Other versions may also be affected SOLUTION: Upgrade to version 5.0.1. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110707_00 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-233/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: Symantec has issued an update to correct this vulnerability. More details can be found at: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00 -- Disclosure Timeline: 2011-04-01 - Vulnerability reported to vendor 2011-07-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. Net6 is a simple network library. The net6 library performs certain operations before verifying the connection of user authentication information, which may result in the disclosure of part of the information of the connected user. net6 is prone to a session-hijacking vulnerability and an information-disclosure vulnerability. An attacker can exploit these vulnerabilities to obtain sensitive information, or possibly perform actions with elevated privileges. net6 1.3.13 is vulnerable; other versions may also be affected. For more information: SA46605 SOLUTION: Apply updated packages via the yum utility ("yum update net6"). ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: net6 Two Weaknesses SECUNIA ADVISORY ID: SA46605 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46605/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46605 RELEASE DATE: 2011-10-31 DISCUSS ADVISORY: http://secunia.com/advisories/46605/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46605/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46605 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vasiliy Kulikov has reported two weaknesses in net6, which can be exploited by malicious people to disclose certain information and conduct session hijacking attacks. 2) It's possible to cause an internal ID counter to overflow, which can be exploited to e.g. hijack another user's session. The weaknesses are reported in version 1.3.13. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/10/30/3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . 1) An error in the net6 library can be exploited to e.g. For more information see weakness #1 in: SA46605 2) An error in the net6 library can be exploited to hijack another user's session. For more information see weakness #2 in: SA46605 SOLUTION: Restrict access to trusted hosts only

The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash) via a crafted URL, aka Bug IDs CSCtg67333 and CSCth25341. An attacker can exploit this issue to crash the webserver, causing denial-of-service conditions. This issue is fixed in Cisco Content Delivery 2.5.9 build 126. Versions prior to 2.5.7 are not affected. This issue being tracked by Cisco bug IDs CSCtg67333 and CSCth25341. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. Vulnerable Products +------------------ To determine the software version that is running on a Cisco Content Delivery Engine, log in to the device and issue the show version command-line interface (CLI) command to display the system banner. On the same line of output, the version number will also be provided. Content Delivery System Software Release 2.5.9 (build b5 Jun 16 2010) Version: cde200-2.5.9.5 Compiled 22:10:04 Jun 16 2010 by ipvbuild Compile Time Options: KQ SS System was restarted on Wed Sep 15 06:50:22 2010. The system has been up for 1 hour, 25 minutes, 6 seconds. cdn-cde# Alternatively, the Content Delivery System Manager home page gives a brief summary of the software versions in use on all the devices in the content delivery system network. To view the software version running on a particular device, choose Devices > Devices. The Devices Table page displays the software version for each device listed. No other Cisco products are currently known to be affected by this vulnerability. The device will remain operational, and the Web Engine will restart if the attack stops. Both bugs fixes are required for a full solution. Vulnerability Scoring Details ============================= Cisco has provided a score for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtg67333/CSCth25341 ("Crafted URL may crash webengine in CDS Internet Streamer") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may cause the Web Engine of the Cisco Internet Streamer application to crash. The device will remain operational, and the Web Engine will restart if the attack stops. A sustained attack will prevent the distribution of HTML content to end users. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The recommended release contains other software fixes that are recommended by Cisco. For further information please consult the Release Notes for Cisco Internet Streamer CDS 2.5.9 at the following link: http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/release_notes/CDS_RelNotes2_5_9.html#wp100128 +------------------------------------------------------------+ | Cisco Content | | Recommended | | Delivery System | First Fixed Release | Release | | Software Release | | | |------------------+---------------------------+-------------| | 2.2.x | Not Vulnerable | | |------------------+---------------------------+-------------| | 2.3.x | Not Vulnerable | | |------------------+---------------------------+-------------| | 2.4.x | Not Vulnerable | | |------------------+---------------------------+-------------| | | Releases prior to 2.5.7 | 2.5.9 build | | 2.5.x | are not affected, first | 126 | | | fixed in 2.5.9 build 126 | | +------------------------------------------------------------+ Workarounds =========== There are no workarounds for the vulnerability documented in this security advisory. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered when handling customer support calls. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110525-spcdn.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-May-25 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: May 25, 2011 Document ID: 112138 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iF4EAREIAAYFAk3dDvAACgkQQXnnBKKRMNDhVQD8CAFWUFBeDwTP/Cx9FZLIZtla UnpJ3ZyjDOZy25FNYNsA/3J4ic+L+7s6R+Dh8nGs/xIHVOuFJPZklPMRNcuUwfLs =0iXv -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Alerts when vulnerabilities pose a threat to your infrastructure The enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies. Watch our quick solution overview: http://www.youtube.com/user/Secunia#p/a/u/0/M1Y9sJqR2SY ---------------------------------------------------------------------- TITLE: Cisco Content Delivery System Internet Streamer URL Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA44727 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44727/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44727 RELEASE DATE: 2011-05-27 DISCUSS ADVISORY: http://secunia.com/advisories/44727/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44727/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44727 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Content Delivery System, which can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Update to version 2.5.9 build 126. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20110525-spcdn.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Cisco Unified Operations Manager and CiscoWorks LAN Management Solution Used in Cisco Unified Service Monitor Contains a vulnerability that allows arbitrary code execution. The problem is Bug ID CSCtn42961 and CSCtn64922 It is a problem.Skillfully crafted by a third party TCP port 9002 Arbitrary code could be executed via packets. Authentication is not required to exploit this vulnerability.The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling an add_dm request the process uses a user provided value to allocate a buffer then blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the casuser user. Multiple EMC Ionix applications are prone to a buffer-overflow vulnerability. Successful exploits will result in the complete compromise of affected applications. Failed exploit attempts will result in a denial-of-service condition. The following applications are affected. Ionix Application Connectivity Monitor (Ionix ACM) version 2.3 and prior Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) version 3.2.0.2 and prior Ionix IP Management Suite (Ionix IP) version 8.1.1.1 and prior Ionix IPv6 Management Suite (Ionix IPv6) version 2.0.2 and prior Ionix MPLS Management Suite (Ionix MPLS) version 4.0.0 and prior Ionix Multicast Manager (Ionix MCAST) version 2.1 and prior Ionix Network Protocol Management Suite version (Ionix NPM) 3.1 and prior Ionix Optical Transport Management Suite version (Ionix OTM) 5.1 and prior Ionix Server Manager (EISM) version 3.0 and prior Ionix Service Assurance Management Suite (Ionix SAM) version 8.1.0.6 and prior Ionix Storage Insight for Availability Suite (Ionix SIA) version 2.3.1 and prior Ionix VoIP Availability Management Suite (Ionix VoIP AM) version 4.0.0.3 and prior. Details ======= CiscoWorks LAN Management Solution is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products. EMC will communicate the fixes for all other affected products as they become available. Regularly check EMC Knowledgebase solution emc274245 for the status of these fixes. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Ionix Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads E-I Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Abdul Aziz Hariri working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. The Software Update page displays the licensing and software version. They provides a way to continuously monitor active calls supported by the Cisco Unified Communications System. Both of these vulnerabilities are documented in Cisco bug ID CSCtn42961 ( registered customers only) and have been assigned CVE ID CVE-2011-2738. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtn42961 - Cisco Unified Service Monitor Remote Code Execution CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-201100914-cusm-lms.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by ZDI and discovered by AbdulAziz Hariri. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2011-September-14 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOb9w/QXnnBKKRMNARCBomAP9pCiRwCB8z3oe3IWB2XXNzeaQxAwoq0gQ4 6znwu3lLSAD/Y6o+u8AofSMxkj3THWIdpbjVXKQXMal/BhxDhN5fsI8= =Ybok -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. Pocket WiFi (GP02) contains a cross-site request forgery vulnerability. Pocket WiFi (GP02) provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi (GP02) contains a cross-site request forgery vulnerability. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, settings of Pocket WiFi (GP02) may be initialized, or Pocket WiFi (GP02) may be rebooted. Successful exploits can result in privileged commands running on the affected devices, including changing settings and rebooting the device. This may lead to further network-based attacks. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Emobile Pocket WiFi GP02 Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA47795 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47795/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47795 RELEASE DATE: 2012-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/47795/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47795/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47795 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Emobile Pocket Wifi GP02, which can be exploited by malicious people to conduct cross-site request forgery attacks. The device's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change settings and reboot the device by tricking a logged in user into visiting a malicious web site. SOLUTION: Install update. Please see the vendor's link for details. PROVIDED AND/OR DISCOVERED BY: JVN credits Naoto Katsumi, LAC Co. ORIGINAL ADVISORY: JVN (English): http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000010.html http://jvn.jp/en/jp/JVN33021167/index.html JVN (Japanese): http://jvn.jp/jp/JVN33021167/index.html Emobile: http://emobile.jp/topics/info20120201_01.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name. Authentication is not required to exploit this vulnerability.The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes tools for developing Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. This vulnerability exists in the CEServer component. Successful exploitation of the vulnerability can be applied. Failed attacks will likely cause denial-of-service conditions. InduSoft Web Studio 6.1 and 7.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-329 November 16, 2011 - -- CVE ID: CVE-2011-4052 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors: Indusoft - -- Affected Products: Indusoft WebStudio - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11473. - -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php - -- Disclosure Timeline: 2011-04-27 - Vulnerability reported to vendor 2011-11-16 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Luigi Auriemma - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJOw/OyAAoJEFVtgMGTo1sc2YUH+gP/cuGw73puMBaLm0tVCIYX 5/oLkfc95efUB/iDPiz6lwGpuXV7DhS38nDzjwI2StJYMFqqbox1PtBot1eLvXHO 0td+uYQu5IxqJON0GM5IzwUFofsC2NO/go8riPCjNkBlHdJrUoTejKmVqZMRNmB4 ytGkVuASAL6/yA19JXGlTvrf3npIOsWStuhRaOCyAXlQV2M4J8+3CXixTwmuPjeN bn2IUmW5aXYDpcUpHb7m4FTyH16TGHTt0DmqWgyW5q0pCRp23NKNPdEzBQtA+y2K Jj3ndSNFLENTWMgwGE5V+r5Lkn83YJ928dFSrSjYUHOH5sgxxgPZxgiPBFkj7os= =m2zu -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: InduSoft Web Studio CEServer Security Bypass and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46871 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46871/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46871 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46871/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46871/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46871 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in InduSoft Web Studio, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) An error within the remote agent component (CEServer.exe) when processing incoming requests can be exploited to bypass the authentication mechanism. The security issue and the vulnerability are reported in versions prior to 7.0 Service Pack 1 Patch 1. SOLUTION: Apply Service Pack 1 Patch 1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI. ORIGINAL ADVISORY: InduSoft: http://www.indusoft.com/hotfixes/hotfixes.php ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. Authentication is not required to exploit this vulnerability.The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user. Trend Micro Control Manager (TMCM) is a centralized security management console from Trend Micro that enables unified coordination of Trend Micro products and services. Failed attacks will cause denial-of-service conditions. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Trend Micro Control Manager "CGenericScheduler::AddTask()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47114 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47114/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47114 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47114/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47114/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47114 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "CGenericScheduler::AddTask()" function in cmdHandlerRedAlertController.dll when handling certain IPC packets. The vulnerability is reported in version 5.5. SOLUTION: Update to version 5.5.0.1613. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma via ZDI. ORIGINAL ADVISORY: Trend Micro: http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-345/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-345 December 7, 2011 - -- CVE ID: - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C - -- Affected Vendors: Trend Micro - -- Affected Products: Trend Micro Control Manager - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11469. More details can be found at: http://downloadcenter.trendmicro.com/index.php?prodid=7 - -- Disclosure Timeline: 2011-04-04 - Vulnerability reported to vendor 2011-12-07 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Luigi Auriemma - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJO3+GTAAoJEFVtgMGTo1sc5ccIAJ3q7sFo1wZYonvkXdF9DoQL VasDMEdu+0W3wy+NllFJAMXGTnxnLlnZ/rpV4be90eEE2m8iQ23SDJLrXR4JsyRN rN5LEHGJL0Ijyphq4gy7FRNMu6/eoaJSP5TEhnNcGXAvBb4MblyKcIDfmTgn2fhO QSfM022Xce6Q9pVnfymQLHLnsSt48b7uGJY4G2cGe9Ao0gi3uPyB5qvK6osOTtof 7f9rZ8mNXRGutfNUYWiB0xlOSqJBiufj1ukVHQ4eScBsGHhHeOJNT+kepiUVASum /m7LC8i6JqA9wpVgDV/Od1fFYzsyTwhYdamlW8ULI/Caj1MYQopEl2Zy3bcbRX8= =VzVD -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Vtiger CRM is a web-based open source customer relationship management system. There are multiple cross-site scripting vulnerabilities in vtiger CRM. Because the program fails to properly filter user-supplied input, an attacker could exploit this vulnerability to execute arbitrary script code in a trusted user's browser in the affected site context, stealing cookie-based authentication and initiating other attacks. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. vtiger CRM is a free, full-featured, 100% Open Source CRM softwareideal for small and medium businesses, with low-cost product support availableto production users that need reliable support.vtiger CRM suffers from a XSS vulnerability when parsing user input tothe '_operation' and 'search' parameters via GET method in '/modules/mobile/index.php'script. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: vtiger CRM "default_user_name" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42304 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42304/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42304 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42304/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42304/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42304 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "default_user_name" parameter to index.php (when "module" is set to "Users" and "action" is set to "Login") is not properly sanitised in modules/Users/Login.php before being returned to the user. The vulnerability is confirmed in version 5.2.1. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi ORIGINAL ADVISORY: Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in denial-of-service condition. This issue is tracked by Cisco Bug ID CSCtk67073. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection. The data flow interaction function DLSw can realize the transmission of IBM SNA and network BIOS traffic on the IP network. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for IP SLA, either as responders or as originators of vulnerable IP SLA operations. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example shows output from a device that runs a Cisco IOS Software image: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at: http://www.cisco.com/web/about/security/intelligence/ios-ref.html Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by this vulnerability. Details ======= IP SLA is an embedded agent in Cisco IOS Software designed to measure and monitor common network performance metrics like jitter, latency (delay), and packet loss. The vulnerability that is described in this document is triggered by malformed UDP packets triggered by malformed IP SLA packets sent to the vulnerable device and port. A vulnerable device can be an IP SLA responder or the source device of a vulnerable IP SLA operation. Vulnerable IP SLA Responder Configurations +----------------------------------------- A device configured either as an IP SLA general responder or a permanent IP SLA UDP responder is vulnerable. The general responder processes IP SLA control protocol packets on UDP port 1967 and then may dynamically open vulnerable UDP ports according to the IP SLA operations requested using the control protocol. The configuration for a general responder is as follows: ip sla responder The IP SLA UDP permanent responder is also vulnerable. An example configuration is as follows: ip sla responder udp-echo port 300 There is no default UDP port number for the UDP permanent responder Alternatively, both the general responder and the permanent responder can be identified with the "show ip sla responder" command. The general responder is vulnerable when it has been enabled. The permanent responder is vulnerable only when it has been enabled and the "udpEcho Responder" is present. In the Following example, the general responder is not vulnerable because it has not been enabled but the permanent responder is vulnerable because it has been enabled with a UDP echo responder: Router# show ip sla responder General IP SLA Responder on Control port 1967 General IP SLA Responder is: Disabled Permanent Port IP SLA Responder Permanent Port IP SLA Responder is: Enabled udpEcho Responder: IP Address Port 0.0.0.0 300 Vulnerable IP SLA Source Device Configurations +--------------------------------------------- An IP SLA source device is a Cisco IOS device that has at least one IP SLA operation configured. To be vulnerable a probe originator needs to have at least one scheduled probe that uses either of the following IP SLA operations: * udp-jitter probe * udp-echo A vulnerable IP SLA source device configuration includes all the following commands: * An "ip sla" global configuration command to define an IP SLA operation * Either a "udp-echo" or a "udp-jitter" IP SLA configuration command * An "ip sla schedule" global configuration command that activates one of the probes that uses a vulnerable IP SLA operation The following examples show a source device that is configured for IP SLA UDP echo and UDP jitter probes: ip sla 201 udp-echo 192.168.134.21 201 ip sla schedule 201 start-time now ip sla 301 udp-jitter 192.168.134.121 122 ip sla schedule 301 start-time now The destination UDP ports for the probes need to be configured. If the source UDP port is not configured an available port number will be used when the probe is started. A device that originates a vulnerable operation will be vulnerable on the source UDP ports of the probe and a responder will be vulnerable on the destination UDP port used for the probe. IP SLA probes can be configured using Simple Network Management Protocol (SNMP). In that case, by default, the "show running configuration" command will not include the IP SLA probe configuration. The "show ip sla configuration" command can be used to verify whether a probe has been configured either by the command line or via SNMP. Router# show ip sla configuration | include operation Type of operation to perform: udp-jitter Type of operation to perform: udp-echo Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtk67073 ("IP SLA Memory Corruption Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability described in this document may result in the reload of a vulnerable device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release for | | 12.0-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.1-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.1-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.2-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.2-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.3-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.3-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.4-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.4-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 15.0-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 15.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 15.1-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------+------------------+----------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.1EY | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+------------------+----------------------------| | | Vulnerable; | Vulnerable; first fixed in | | 15.1GC | first fixed in | Release 15.1T | | | Release 15.1T | | |------------+------------------+----------------------------| | 15.1M | Not vulnerable | 15.1(4)M2; Available on | | | | 30-SEP-11 | |------------+------------------+----------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.1MR | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+------------------+----------------------------| | | 15.1(2)S | 15.1(2)S2 | | | | | | | Cisco IOS XE | 15.1(3)S | | 15.1S | devices: Please | | | | see Cisco IOS-XE | Cisco IOS XE devices: | | | Software | Please see Cisco IOS-XE | | | Availability | Software Availability | |------------+------------------+----------------------------| | | 15.1(1)T3 | 15.1(1)T4; Available on | | | | 08-DEC-11 | | 15.1T | 15.1(2)T4 | | | | | 15.1(2)T4 | | | 15.1(3)T2 | | | | | 15.1(3)T2 | |------------+------------------+----------------------------| | | Vulnerable; | Vulnerable; first fixed in | | 15.1XB | first fixed in | Release 15.1T | | | Release 15.1T | | |------------+------------------+----------------------------| | Affected | | First Fixed Release for | | 15.2-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- Cisco IOS XE Software is affected by the vulnerability disclosed in this document. +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.1.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.2.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.3.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.4.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.5.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.6.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 3.1.xS | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 3.2.xS | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | 3.3.0S | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== There are no workarounds for this vulnerability, but there are mitigations that can be deployed on a general IP SLA responder to reduce the exposure to this vulnerability. General IP SLA Responder Mitigation +---------------------------------- For devices that are configured as general responders, a mitigation is to restrict IP SLA control packets on UDP port 1967 that are addressed to the vulnerable device to permit only trusted probe originators to open UDP ports that could be exploited. This can be accomplished using techniques such as Infrastructure Access list or Control Plane Protection. For devices configured as general responders, mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20110928-ipsla.shtml IP SLA Permanent Responder Mitigation +------------------------------------ For the permanent responder, the mitigation is to filter UDP packets addressed to the configured UDP port of each permanent responder to permit packets from the IP addresses of trusted devices. IP SLA Source Devices Mitigation +------------------------------- For IP SLA source devices, a mitigation is to allow only UDP packets from trusted devices (that is, devices that are the target of IP SLA operations). Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2MACgkQQXnnBKKRMNBZ6gD/WbLQXIuIcQjySn9TOSycPflx p7H07864wibshk3qznsA/37viRZKYBrkXc+mgT5C5kIs9Elx3l+L5v0EDJ1K+jZI =OF08 -----END PGP SIGNATURE-----

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Icihttp.exe module (CA Gateway Security for HTTP), which responds to incoming HTTP requests on port 8080. Due to a flawed copy-loop algorithm in the URL parsing routine, it is possible for a remote unauthenticated user to cause an exploitable heap corruption condition. This could result in the execution of arbitrary code under the context of the Gateway Security service. Computer Associates Total Defense and Gateway Security are prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code with elevated privileges, completely compromising affected computers. Total Defense r12 and Gateway Security 8.1 are vulnerable; other versions may also be affected. CA has issued an update that resolves the vulnerability. The vulnerability, CVE-2011-2667, occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise. If the version displayed is less than 8.1.0.69, the installation is vulnerable. Solution Gateway Security r8.1: Apply fix RO32642 Alternatively, update to Gateway Security 9.0 available from the CA support site. (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas CA Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBTicU8pI1FvIeMomJAQHDpQgAlZ5TqT9B+I4zd20wzh8GhajqGb8BIuxo sCToQG5jq+kUX1QMnL+MVv4A0nR2o2P8cgxEhNtpEOyHnTeKvBuT//ALBpQgjYQ3 lMY3tRNrqEo1BAD9x/GqVp/xIBiaqkL80bt0BXmvxxhKblSX30mUA8D+v8P+DPrO eR+VEB7feWQ9LaqjIeEa5t8P5/TxuA+XNv0EdWtU7OAFc/IzXiu91XF++I+UJs3V l9Kvdj7x7JXyqZXc3943eUR/zqbxXO2/h/67Gj+N5ub1S4TBkPuoUMcPQ3o3l2WZ 75HcRT6AIHZ6shTbD20TCl1LUs4uKmJYc41kfbCEX3BsU12WbbV+zw== =w+9B -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CA Gateway Security URL Parsing Vulnerability SECUNIA ADVISORY ID: SA45332 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45332/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45332 RELEASE DATE: 2011-07-22 DISCUSS ADVISORY: http://secunia.com/advisories/45332/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45332/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45332 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CA Gateway Security, which can be exploited by malicious people to compromise a vulnerable system. This can be exploited to corrupt heap memory via specially crafted HTTP requests sent to TCP 8080. The vulnerability is reported in versions prior to 8.1.0.69. SOLUTION: Apply patch RO32642. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod via ZDI. ORIGINAL ADVISORY: CA: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D} ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-237/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: CA states: CA20110720-01: Security Notice for CA Gateway Security and Total Defense https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7b5E404992-6B58-4C44-A29D-027D05B6285D%7d -- Disclosure Timeline: 2011-01-21 - Vulnerability reported to vendor 2011-07-20 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Andrea Micalizzi aka rgod -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. An attacker could exploit this vulnerability to execute arbitrary script code in the context of a web application built using the SDK. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Adobe Flex SDK 4.5.1 and prior versions are affected. Provide your organization, distributed enterprise or managedservice offering with an intuitive, powerful way to rapidly deploy andcentrally manage SonicWall solutions, with SonicWall GMS. Get more valuefrom your firewall, secure remote access, anti-spam, and backup and recoverysolutions with enhanced network security monitoring and robust networksecurity reporting. By deploying GMS in an enterprise, you can minimizeadministrative overhead by streamlining security appliance deploymentand policy management.Dell SonicWALL GMS versions 8.1 and below are compiled witha vulnerable version of Adobe Flex SDK allowing for same-originrequest forgery and cross-site content hijacking.Tested on: SonicWALLMySQL/5.0.96-community-ntApache-Coyote/1.1Apache Tomcat 6.0.41. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe Flex Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47053 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Flex, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to SWF files developed using the framework is not properly sanitised before being returned to the user. SOLUTION: Apply patches (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Adobe (APSB11-25): http://www.adobe.com/support/security/bulletins/apsb11-25.html http://kb2.adobe.com/cps/915/cpsid_91544.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This is actually a Flex bug. (CVE-2011-2461) which can lead to Same-Origin Request Forgery and Cross-Site Content Hijacking. Although adobe patched this bug, it is possible to exploit it in fully patched browsers with the latest version of Adobe Flash Player; CVE-2011-2461 is best explained by Mindedsecurity at http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html This also leads to a Flash XSS in some older browsers. an attacker will create a malicious HTML page and embed the vulneable flash. When successfully exploited a Same Origin Request Forgery attack allows a malicious web site to perform arbitrary requests to the vulnerable site, and read its response without restrictions. You can test vulnerable flash files with https://github.com/ikkisoft/ParrotNG/ Vulnerable files: http://[magento_url]/skin/adminhtml/default/default/media/editor.swf http://[magento_url]/skin/adminhtml/default/default/media/Uploader.swf http://[magento_url]/skin/adminhtml/default/default/media/UploaderSingle.swf

Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. Tftpd-hpa is a feature-enhanced TFTP server. There is a buffer overflow in the function that sets the utimeout option in the tftp-hpa daemon. This vulnerability can be exploited remotely because the program receives options from the client settings. tftp-hpa FTP server is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to tftp-hpa 5.1 are vulnerable. PRE-CERT Security Advisory ========================== * Advisory: PRE-SA-2011-05 * Released on: 22 Jun 2011 * Last updated on: 22 Jun 2011 * Affected product: tftp-hpa 0.30 - 5.0 * Impact: buffer overflow * Origin: remote tftp client * Credit: Timo Warns (PRESENSE Technologies GmbH) * CVE Identifier: CVE-2011-2199 Summary ------- The tftp-hpa daemon contains a buffer overflow vulnerability in the function for setting the utimeout option. Solution -------- For a patch, see http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8 References ---------- When further information becomes available, this advisory will be updated. The most recent version of this advisory is available at: http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt Contact ------- PRE-CERT can be reached under precert@pre-secure.de. For PGP key information, refer to http://www.pre-cert.de/. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: tftp-hpa: Remote buffer overflow Date: June 21, 2012 Bugs: #374001 ID: 201206-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability was found in tftp-hpa, which leads to remote execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-ftp/tftp-hpa < 5.1 >= 5.1 Description =========== A vulnerability has been discovered in tftp-hpa. Please review the CVE identifier referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All tftp-hpa users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/tftp-hpa-5.1" References ========== [ 1 ] CVE-2011-2199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2199 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request. Atvise is an HMI and SCADA solution. Atvise webMI2ADS handles the \"Content-Length\" HTTP header with an error. Sending an HTTP request with a negative content length can consume a lot of CPU and memory resources, causing a denial of service attack. Atvise webMI2ADS has a security vulnerability that can be exploited to shut down the service because the application does not properly restrict the \"shutdown\" page. Atvise webMI2ADS basic access verification has a null pointer application error, sending a specially crafted \"Authorization\" HTTP header can crash the server. atvise webMI2ADS is prone to multiple remote vulnerabilities. Exploiting these issues will allow an attacker to view arbitrary local files within the context of the webserver and crash the affected application, denying service to legitimate users. Information harvested may aid in launching further attacks. atvise webMI2ADS 1.0 and prior versions are vulnerable. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: atvise webMI2ADS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48814 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48814/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48814 RELEASE DATE: 2012-04-12 DISCUSS ADVISORY: http://secunia.com/advisories/48814/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48814/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48814 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported multiple vulnerabilities in atvise webMI2ADS, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). For more information: SA46338 The vulnerabilities are reported in versions prior to 2.0.2 for Windows XP Embedded. SOLUTION: Update to version 2.0.2 for Windows XP Embedded. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/webmi2ads_1-adv.txt ICSA-12-102-01: http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840. Atvise is an HMI and SCADA solution. atvise is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the affected application to crash, denying service to legitimate users. atvise versions prior to 2.1 are vulnerable. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: atvise Unspecified Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47638 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47638/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47638 RELEASE DATE: 2012-01-19 DISCUSS ADVISORY: http://secunia.com/advisories/47638/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47638/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47638 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in atvise, which can be exploited by malicious people to cause a DoS (Denial of Service). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/atvise_1-adv.txt ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135. The problem is Bug ID CSCts59135 It is a problem.A third party may change settings or perform other administrative actions that are not known. Cisco Identity Services Engine is prone to a vulnerability that allows attackers to bypass certain security restrictions. An attacker can exploit this issue to modify the device configuration and settings or gain complete administrative control of the device. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Cisco Identity Services Engine Undocumented Database Account Security Issue SECUNIA ADVISORY ID: SA46061 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46061/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46061 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46061/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46061/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46061 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the appliance including an undocumented database account with default credentials. The security issue is reported in versions prior to 1.0.4.573. SOLUTION: Update to version 1.0.4.573. PROVIDED AND/OR DISCOVERED BY: The vendor credits Andrey Ovrashko and Sergey Bondarenko, BMS Consulting. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110920-ise.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Cisco will release free software updates that address this vulnerability on September 30th, 2011. There is no workaround for this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110920-ise.shtml Affected Products ================= Vulnerable Products +------------------ This vulnerability affects all releases of Cisco ISE prior to release 1.0.4.MR2. This applies to both the hardware appliance and the software-only versions of the product. The following methods can be used to determine which Cisco ISE release is installed: * From the Cisco ISE command-line interface (CLI), issue the show application version ise command, as shown in the following example: ise-node1/admin# show application version ise Cisco Identity Services Engine --------------------------------------------- Version : 1.0.4.558 Build Date : Thu 18 Aug 2011 04:41:15 PM EST Install Date : Fri 16 Sep 2011 01:38:48 PM EST ise-node1/admin# Based on the output of the show application version ise on the previous example, the installed Cisco ISE release is 1.0.4.588. * From the Cisco ISE web-based interface, log in and click on the "Help" button located at the bottom left corner of the screen. From the resulting menu, select "About Identity Services Engine". Version information is displayed on the resulting window under the "Identity Services Engine" heading. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by this vulnerability. Details ======= The Cisco Identity Services Engine provides an attribute-based access control solution that combines authentication, authorization, and accounting (AAA); posture; profiling; and guest management services on a single platform. Administrators can centrally create and manage access control policies for users and endpoints in a consistent fashion, and gain end-to-end visibility into everything that is connected to the network. The Cisco ISE contains a set of default credentials for its underlying database. This vulnerability is documented in Cisco bug ID CSCts59135 and has been assigned the CVE identifier CVE-2011-3290. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * Default credentials for Oracle database on ISE CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 9.5 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== Successful exploitation of this vulnerability may allow an attacker to modify the device configuration and settings or gain complete administrative control of the device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. This vulnerability is fixed in software release 1.0.4.MR2, which will be available on September 30th, 2011. Cisco ISE release 1.0.4.MR2 will be made available in two formats: * as an ISO image containing a complete installation image, which can be used for a new install or for completely reimaging an existing installation. * as an application bundle that can be used to upgrade an existing Cisco ISE release 1.0 (1.0.3.377) or Cisco ISE release 1.0MR (1.0.4.558) installation to Cisco ISE release 1.0.4.MR2. Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document fot this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20110920-ise.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by Andrey Ovrashko and Sergey Bondarenko of BMS Consulting, Ukraine. Cisco would like to thank Andrey Ovrashko, Sergey Bondarenko and BMS Consulting for reporting this vulnerability and for working with us towards a coordinated disclosure of the vulnerability. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110920-ise.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2011-September-20 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iFcDBQFOeKXnQXnnBKKRMNARCMoVAP9s0Fbnk1otloSiZ0rmPFgUPIPK5KmxXUZO k7dq3raNGAD/eo8unGMfY3AF4uM4HPTYfxbkmr37bIbY8vHUt2DZcvo= =g57Y -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server. If the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. This overflow can cause memory corruption to generally cause Squid to crash. A malicious user must set up a fake Gopher server and forward the request through Squid. Successful exploitation of vulnerabilities allows arbitrary code to be executed in a server context. Squid Proxy is prone remote buffer-overflow vulnerability affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2304-1 security@debian.org http://www.debian.org/security/ Nico Golde Sep 11, 2011 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : squid3 Vulnerability : buffer overflow Problem type : remote Debian-specific: no Debian bug : 639755 CVE IDs : CVE-2011-3205 Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies. For the oldstable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny5. For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 3.1.15-1. For the unstable distribution (sid), this problem has been fixed in version 3.1.15-1. We recommend that you upgrade your squid3 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: squid security update Advisory ID: RHSA-2011:1293-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1293.html Issue date: 2011-09-14 CVE Names: CVE-2011-3205 ===================================================================== 1. Summary: An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. (CVE-2011-3205) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm ppc64: squid-3.1.10-1.el6_1.1.ppc64.rpm squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm s390x: squid-3.1.10-1.el6_1.1.s390x.rpm squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3205.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOcPqzXlSAg2UNWIIRAutlAJ9nlG0w3FNBVqFtxSNe10FKir/WkACeNQAA rDOr/svPTfi23jLvkODeYbk= =0hIH -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Squid Gopher Response Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45805 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45805 RELEASE DATE: 2011-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/45805/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45805/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45805 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string. This is related to vulnerability #2 in: SA13825 The vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25 and 3.1.x prior to 3.1.14 SOLUTION: Update to version 3.0.STABLE26 or 3.1.15. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Hawkes, Google Security Team. ORIGINAL ADVISORY: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA45805 SOLUTION: Apply updated packages via the apt-get package manager. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Squid: Multiple vulnerabilities Date: October 26, 2011 Bugs: #279379, #279380, #301828, #334263, #381065, #386215 ID: 201110-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-proxy/squid < 3.1.15 >= 3.1.15 Description =========== Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2009-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621 [ 2 ] CVE-2009-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622 [ 3 ] CVE-2009-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855 [ 4 ] CVE-2010-0308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308 [ 5 ] CVE-2010-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639 [ 6 ] CVE-2010-2951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951 [ 7 ] CVE-2010-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072 [ 8 ] CVE-2011-3205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-24.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. Tor (The Onion Router) is an implementation of the second generation of onion routing, which allows users to communicate anonymously over the Internet. Tor has security holes in its implementation that can be exploited by malicious users to disclose sensitive information. This vulnerability is caused by the client reusing a TLS certificate on some connections. Simulate a user's detection of multiple protection relays by using a user certificate identification key to determine the connection status of the user. Tor is prone to a remote information-disclosure vulnerability and a bridge enumeration weakness. Exploits will allow attackers to obtain sensitive information that can help them launch further attacks. Versions prior to Tor 0.2.2.34 are vulnerable. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Tor TLS Certificate Reuse User De-Anonymisation Security Issue SECUNIA ADVISORY ID: SA46634 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46634/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46634 RELEASE DATE: 2011-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/46634/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46634/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46634 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Tor, which can be exploited by malicious people to disclose potentially sensitive information. This can be exploited to e.g. fingerprint and de-anonymise a user by e.g. Note: Additionally, enhancement have been made to protect against bridge enumeration attacks. SOLUTION: Update to version 0.2.2.34. PROVIDED AND/OR DISCOVERED BY: The vendor credits frosty_un. ORIGINAL ADVISORY: https://blog.torproject.org/blog/tor-02234-released-security-patches OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests (CVE-2012-3517). The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document (CVE-2012-3518). routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack (CVE-2012-3519). The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison (CVE-2012-4419). Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed it to add bytes to the input buffer, allowing a crash to be caused remotely (tor-5934, tor-6007). Denial of Service vulnerability in Tor before 0.2.3.25, due to an error when handling SENDME cells and can be exploited to cause excessive consumption of memory resources within an entry node (SA51329, CVE-2012-5573). The version of Tor shipped in MBS1 did not have correctly formed systemd unit and thus failed to start. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573 https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0276 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 8cadc920e4452cd2a3551a3cb01d9fcf mbs1/x86_64/tor-0.2.2.39-1.mbs1.x86_64.rpm 7cbba7170bc4f9e6ee8409398437570c mbs1/SRPMS/tor-0.2.2.39-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2331-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff October 28, 2011 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : tor Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-2768 CVE-2011-2769 It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue. In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues (CVE-2011-2769). Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patches For the oldstable distribution (lenny), this problem has been fixed in version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian archive scripts, the update cannot be released synchronously with the packages for stable. It will be released shortly. For the stable distribution (squeeze), this problem has been fixed in version 0.2.1.31-1. For the unstable and testing distributions, this problem has been fixed in version 0.2.2.34-1. For the experimental distribution, this problem have has fixed in version 0.2.3.6-alpha-1. We recommend that you upgrade your tor packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q1UIACgkQXm3vHE4uylrH1ACg6Y7x6by9MtC6d2whbYQvf0sV qdgAoM3IeWEe985DCPmvdBDHmEQBDzpk =HWr2 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201201-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Tor: Multiple vulnerabilities Date: January 23, 2012 Bugs: #388769, #394969 ID: 201201-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. * An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778). Impact ====== A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Tor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35" References ========== [ 1 ] CVE-2011-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768 [ 2 ] CVE-2011-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2769 [ 3 ] CVE-2011-2778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2778 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. (1) dnat.cgi of createrule Parameters (2) dansguardian.cgi of addrule Parameters (3) openvpn_users.cgi of PATH_INFO. Endian Firewall is an open source firewall device. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. It is being developed by the Italian Endian Srl and the community. Endian is originally based on IPCop, which itself was a fork of Smoothwall. (Copy of the Vendor Website: http://en.wikipedia.org/wiki/Endian_Firewall ) Einfach, schnell und zukunftssicher! Die ideale Lösung, um Ihre Filialen und industriellen Zweigstellen rund um den Globus zu schützen. Endian 4i ist die ideale Lösung für Büroaußenstellen oder Industrieinstallationen. Die Firewall ist in den zwei Varianten „Office“ und „Industrial“ erhältlich. Die Office-Version bietet alle Funktionen, um Netzwerke in der Firma und in Verbindung mit Außenstellen einfach und sicher zu verlinken. Derselbe Funktionsumfang ist bei der Industrial-Version vorhanden, die sich speziell an den Industriebereich richtet und 24V Support bietet sowie auf der Hutschiene installiert werden kann. Remote-Supporting, Remote-Konfiguration, Systemüberwachung bis hin zur einfachen, sicheren Vernetzung von Außenstellen – die Kostenvorteile dabei liegen auf der Hand. Sichern auch Sie sich die Konnektivität Ihres Unternehmens ab, und behalten Sie mit der Endian 4i stets die Nase vorn. (Copy of the Vendor Homepage: http://www.endian.com/de/products/utm-hardware/4i/) Abstract: ========= The Vulnerability Lab Team discovered mutliple non persistent Cross Site Scripting Vulnerabilities on Endians UTM Firewall v2.4.x Application. Report-Timeline: ================ 2011-02-02: Vendor Notification 2012-02-18: Public or Non-Public Disclosure Status: ======== Published Affected Products: ================== Endian Product: UTM Firewall Appliance Application v2.4.x Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== Multiple non persistent cross site scripting vulnerabilities are detected on Endian Firewall v2.4.x UTM Appliance Application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required user inter action or local low privileged user account. Successful exploitation can result in account steal, phishing & client-side content request manipulation. Vulnerable Module(s): [+] openvpn_users.cgi [+] dnat.cgi#createrule [+] dansguardian.cgi#addrule Picture(s): ../1.png ../2.png ../3.png Proof of Concept: ================= The vulnerabilities can be exploited by local low privileged user accounts or remote attackers with high required user inter action. For demonstration or reproduce ... #1 https://demo.endian.com/cgi-bin/dnat.cgi#createrule [XSS] #2 https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[XSS] #3 https://demo.endian.com/cgi-bin/openvpn_users.cgi ?=[XSS] Risk: ===== The security risk of the cross site scripting vulnerabilities are estimated as medium(-). Credits: ======== Vulnerability Research Laboratory Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers. Copyright © 2012|Vulnerability-Lab -- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com

Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file. SIELCO SISTEMI Winlog Pro is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog Pro does not properly filter the input in the project file. Some of the illegal information in the field can overwrite the memory location, causing the application to crash or to execute arbitrary code. Winlog Pro and Winlog Lite are prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Winlog Pro Project File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47078 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47078 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47078/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47078/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47078 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Winlog Pro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when processing certain values in project files and can be exploited to cause a buffer overflow by tricking a user into loading a malicious project file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 2.07.09. SOLUTION: Update to version 2.07.09. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Paul Davis ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Dream Report is an integrated reporting solution for industrial automation. The Ocean Data Dream Report application lacks sufficient filtering of query string parameter values, can lead to cross-site scripting attacks, build specially crafted URLs, entice users to parse, get sensitive information, or hijack user sessions. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Hitachi JP1/IT Desktop Management Manager 09-50 is vulnerable. Attackers can exploit these issues to execute arbitrary code in the context of the webserver, compromise the affected application, and steal cookie-based authentication credentials from legitimate users of the site. Other attacks are also possible. These issues affect Dream Report Versions prior to 4.0. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ocean Data Systems Dream Report Two Vulnerabilities SECUNIA ADVISORY ID: SA47742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47742 RELEASE DATE: 2012-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/47742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Ocean Data Systems Dream Report, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) Certain unspecified is not properly sanitised before being returned to the user. 2) An unspecified error when loading certain files can be exploited to corrupt memory via a specially crafted file. Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires tricking a user into loading a malicious file. SOLUTION: Upgrade to version 4.0. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Billy Rios and Terry McCorkle. ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------