VARIoT IoT vulnerabilities database

Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. Apple Installer is the application responsible for installing Mac OS X software packages. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA23772 VERIFY ADVISORY: http://secunia.com/advisories/23772/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 6.10 http://secunia.com/product/12470/ Ubuntu Linux 6.06 http://secunia.com/product/10611/ DESCRIPTION: Ubuntu has issued an update for krb5. This fixes a vulnerability, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA23696 SOLUTION: Apply updated packages. Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.2.diff.gz Size/MD5: 1447550 546659a7ce8758c26c33d0241adb992d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.2.dsc Size/MD5: 848 ed669b2e38c5b3b6701401b99bbdb3cb http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.2_all.deb Size/MD5: 852734 748a61c88e96abcc2fd922acdafbd56c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 79686 a56316c071cbdae9f33b10166e204340 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 222738 173b8846edc4d84b0880b293ebd819f8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 59876 11c96393564f5422e884cda60671688d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 134570 c2fa98268d5c486988eae91040441720 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 84774 7dc407371c107d79c69ffe054f702ba7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 67044 4a01011a78cf0c299df6b36384c0950b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 129430 2acabc3bcb9323fa28a69e306694a1ec http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 190294 a4044fce177ca61f9b24ff9515443e5f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 768212 bba4e4f35f90a58177f14d35d9fccf1e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_amd64.deb Size/MD5: 425220 e16e7b2709af4fb8a88a0819cdfc1a40 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 71660 d38e87ecea34868e1dac394b9047c382 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 186752 12424ad58c808a4867f0db0d014a34ec http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 53844 3aa5f6a9ae2cb49659a0577ea972d0af http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 121068 9a1fcd42b91849f0a4ce3c1614c3dbb9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 75438 9b264a66dff08d0206370a43058687d1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 58204 6e89a58b9d435c6e1422537a18da2dc1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 118528 82f62332c5bae9177ce1f356b824279e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 165130 0968da19d0bdac05e716825ba045f5e5 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 646560 89ccbd05cda4887245d7d5c5cd77d383 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_i386.deb Size/MD5: 380650 8a8e6bebd4955809ef62a27cc7eb8918 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 79712 119d48198050bd5e24c711c895770bf0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 220080 3025e485a43fd6a67c6d7716f1efad63 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 59084 97104b0dcfc3a4dacd5c1334766c488b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 135552 b1c5a4334633412e8c64d808b4a30280 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 84632 b7a70d1cb0513523911248231bbcca82 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 65420 9300e4d62e4dedad6ac85647fe157ee2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 134396 f07964b5364af26ac18bc4c37ff71e3f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 177082 8488709500858a66f07183a193a249e7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 751382 96e57442a0caa1e574f0581327fc9e1a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_powerpc.deb Size/MD5: 395444 b672282f98601ebe9340f251d7e2dd46 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 72292 ed56430a6017fe52fd34e8724ff5892d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 196928 2dff67f37591eede7be792c836028920 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 55818 1de2f224962fd6e7f9a5a642995a2fb6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 123914 871a22e98608033db8dbc3e85d18e430 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 76454 c8f134cee518c209e4f068d59e7bc90e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 61752 e15353f761ff1b052ff790c3b22d9f03 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 120102 a72b86d5911ebf7d90454e20a5d3d6a7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 164630 2ba7eb220cee2ef90c433520dc22bd1d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 677878 53436fc167794aa6c7e4538156b279e4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_sparc.deb Size/MD5: 368236 8cfe1fb1b04f054211103b96bd85d4d0 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.1.diff.gz Size/MD5: 1468259 a89554ee72ae46193497b5fdb86359e5 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.1.dsc Size/MD5: 883 92b415a7e46614bc10a6fad2971a13a4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-9ubuntu1.1_all.deb Size/MD5: 853430 3958e9a508ef75081c289378ee06cb5d amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 81062 5e7b14c23de60189762b3776991256a3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 223934 6cbf0f868012e01518617369f4c09d78 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 61134 c2420e53a8369ef1fb7150d8a486dd3c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 138648 38ffe1ee542695b7e7110f752b02a735 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 86946 da6f24f2da9e84b2e13c0a296c8bdfcb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 67556 711861722d5ef9e31d6d641076574df6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 130170 53bf2f36db32694986426840efce7a63 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 190180 27a2f0cf1711ddf7498b20073363c5f6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 1072552 d9f4df032a6d0b24d4b948cdc2a17ec3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 771828 8a490a2198a58ccea514e43ab68bce88 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_amd64.deb Size/MD5: 427562 f60e228b07f072ee64e66d16b01c80c9 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 74768 07466ce7134858695cd2608f7d916bc9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 195996 77d746677df270dc89773c13f4231e98 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 56642 33f6895466f028e4f7e60fe6d0102d7b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 128984 d57c3ae641ffc63cde21557c3db9355c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 79602 6be865799bcf85edb35c541df35b9245 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 61366 e9c4b39d8228118d03d5df02123e437d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 121716 588addedfb49a64c09a8517740d039d9 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 172370 b6674bf633bf623d54d53d8ee57120e5 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 1024338 53cef35e866ba9bfa14ebb7727b10c9d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 672520 7c1313e3eb84a448479af34eda9a0233 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_i386.deb Size/MD5: 403646 b30ac3ba3dc11650ef9a74b5b1d9368a powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 81626 eb56ed7461f47af49023f2027d71a249 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 222676 f847921d673ba513a11b2e4da26c6589 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 61324 94d69c98e2439ead3b38757fb6503917 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 140824 a3a2c75ca459aadf29db4af247832cac http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 86812 8747cbb5e22b1611d0f35d413a29dfb8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 66622 e03d52dd334c788d3fb7583660ac25af http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 136342 0048a761afaabaffb847273c88cb7758 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 179554 59ca8bdf4afa0ea09432aaa2e53facf7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 1076132 98f942e3252e3f377cd24c03dfae7120 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 757874 00cde304e78bdd85ca75454ae31f9056 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_powerpc.deb Size/MD5: 398636 15cd61e388f2e658709577c6c17ed9f4 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 74648 a9d42678fb3d7d508c087ae7eb075eec http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 203198 2aeac236c8864c757a55870190918302 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 58498 22079ad35df8ceea0857319eb533ee35 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 129158 a5b36aeb90baba94d569f41d21f16548 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 79926 d889cf2987c8c48a6aef9b566ad14238 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 63040 6e9f3b3ad95536ee494d73e8ee3d252a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 122238 bd59626426b7690742520d2151b58a3c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 166480 fd69c12e642a168d39ce209c1647d433 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 957280 de94391f1d289fbe3c7639f8ca8cf303 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 684606 511b01e003f876bde73badddeda105ab http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_sparc.deb Size/MD5: 373600 66c24f51433ff5ce4670bc91f04a6187 ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-408-1 OTHER REFERENCES: SA23696: http://secunia.com/advisories/23696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. This issue is tracked by Cisco Bug IDs CSCsf95930 and CSCsg78595. Cisco CS-MARS can receive event logs from various network devices, correlate and analyze the received security problem data, and report findings; ASDM can provide management and monitoring services for various Cisco security devices, and provide firewall services for Cisco switches and routers module. Cisco CS-MARS and ASDM have vulnerabilities in the implementation of communication authentication with managed devices. Because the certificate and public key provided by the device are not verified, if the certificate or public key changes, the affected product cannot determine whether the device it communicates with is legitimate, or whether the device is pretending to be a legitimate device. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. This can be exploited to conduct spoofing attacks and possibly gain knowledge of sensitive information. SOLUTION: Update to the latest version. http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: The vendor credits Jan Bervar, NIL Data Communications. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. Francisco Burzi PHP-Nuke Is SQL An injection vulnerability exists.By any third party, via the following parameters SQL The command may be executed. (1) admin/modules/modules.php Inside active Parameters (2) modules/Advertising/admin/index.php Inside pad_class Parameters (3) modules/Advertising/admin/index.php Inside pimageurl Parameters (4) modules/Advertising/admin/index.php Inside pclickurl Parameters (5) modules/Advertising/admin/index.php Inside pad_code Parameters (6) modules/Advertising/admin/index.php Inside position Parameters. PHP-Nuke is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. PHP-Nuke 7.9 is vulnerable to these issues; other versions may also be affected

Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors. HP Jetdirect is prone to an unspecified denial-of-service vulnerability. An attacker can exploit this issue on an affected computer to cause a denial-of-service condition. HP Jetdirect firmware versions from x.20.00 to x.24.00 are vulnerable to this issue. HP JetDirect printer is a printer with integrated network function developed by Hewlett-Packard Company. There is an input validation vulnerability when the FTP implemented by HP JetDirect processes user requests

Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. Rumpus is prone to multiple vulnerabilities, including multiple remote heap-overflow issues, denial-of-service issues, and local privilege-escalation issues. The remote issues affect the FTP and HTTP components of the server. Since Rumpus runs with superuser privileges, a successful attack may facilitate the complete compromise of affected computers. Rumpus 5.1 and prior versions are vulnerable to these issues. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Rumpus Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23842 VERIFY ADVISORY: http://secunia.com/advisories/23842/ CRITICAL: Moderately critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote SOFTWARE: Rumpus 5.x http://secunia.com/product/11982/ DESCRIPTION: LMH and KF have reported some vulnerabilities in Rumpus, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious users to compromise a vulnerable system. 1) The application invokes "ipfw" without an absolute path and has the setuid bit set. This can be exploited to gain "root" privileges by placing a specially crafted "ipfw" binary in the path. Successful exploitation requires a valid user account. The vulnerabilities are reported in version 5.1. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: LMH and KF ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-18-01-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. Mac OS X is prone to a local security vulnerability

Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Mac OS X is prone to a denial-of-service vulnerability. This triggers an invalid null pointer dereference. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24198 VERIFY ADVISORY: http://secunia.com/advisories/24198/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A boundary error exists in Finder, which can be exploited by malicious people to cause a buffer overflow by tricking a user to mount a malicious disk image. 2) A null-pointer dereference error in iChat Bonjour can be exploited by malicious people to cause the application to crash. 3) A format string error in the handling of AIM URLs in iChat can be exploited by malicious people to possibly execute arbitrary code. Successful exploitation requires that a user is tricked into accessing a specially crafted AIM URL. For more information: SA23846 SOLUTION: Apply Security Update 2007-002: Security Update 2007-002 (10.4.8 Universal): http://www.apple.com/support/downloads/securityupdate2007002universal.html Security Update 2007-002 (10.4.8 PPC): http://www.apple.com/support/downloads/securityupdate2007002ppc.html Security Update 2007-002 (10.3.9 Panther): http://www.apple.com/support/downloads/securityupdate2007002panther.html PROVIDED AND/OR DISCOVERED BY: 1) Kevin Finisterre, DigitalMunition 3) LMH ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305102 OTHER REFERENCES: MOAB: 1) http://projects.info-pull.com/moab/MOAB-09-01-2007.html 3) http://projects.info-pull.com/moab/MOAB-20-01-2007.html SA23846: http://secunia.com/advisories/23846/ SA23945: http://secunia.com/advisories/23945/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. Successful exploits may cause arbitrary code to run superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions. Apple Mac OS X 10.4.8 is reported vulnerable; other versions may be affected as well. A local unprivileged user can trigger this vulnerability by submitting malicious requests, resulting in execute arbitrary commands. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. The vulnerability is caused due to a boundary error within the SLP daemon ("slpd") when processing the "attr-list" field of a registration request. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. Disable the service. PROVIDED AND/OR DISCOVERED BY: KF ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-17-01-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, and denial of service. III. These and other updates are available via Software Update or via Apple Downloads. IV. References * US-CERT Vulnerability Notes for Apple Security Update 2008-001 - <http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_001> * About the security content of Mac OS X 10.5.2 and Security Update2008-001 - <http://docs.info.apple.com/article.html?artnum=307430> * About the Mac OS X 10.5.2 Update - <http://docs.info.apple.com/article.html?artnum=307109> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Apple - Support - Downloads - <http://www.apple.com/support/downloads/> * X.org Foundataion Security Advisories - <http://www.x.org/wiki/Development/Security> * Samba Security Releases - <http://www.samba.org/samba/history/security.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-043B.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE-----

Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. Ingate Firewall and SIParator are prone to an unspecified authentication-replay vulnerability. Very few details regarding this issue are available at this time. This BID will be updated as more information becomes available. Versions prior to 4.5.1 are vulnerable. Both Ingate Firewall and SIParator are enterprise-level hardware firewall devices. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Ingate Firewall and SIParator Replay Attack Vulnerability SECUNIA ADVISORY ID: SA23737 VERIFY ADVISORY: http://secunia.com/advisories/23737/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Ingate Firewall 4.x http://secunia.com/product/4050/ Ingate SIParator 4.x http://secunia.com/product/5687/ DESCRIPTION: A vulnerability has been reported in Ingate Firewall and SIParator, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Update to version 4.5.1. http://www.ingate.com/upgrades.php PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-451.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. Ipswitch WS_FTP 2007 Professional is prone to a local memory-corruption vulnerability. This issue occurs when the 'wsbho2k0.dll' library fails to handle specially crafted arguments. Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users. Ipswitch WS_FTP 2007 Professional is vulnerable to this issue; other versions may also be affected. A buffer overflow vulnerability exists in Ipswitch WS_FTP 2007 Professional's wsbho2k0.dll when used by wsftpurl.exe

Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT (System Service Descriptor Table) hooking on files in its installation directory. A local attacker can exploit this issue to elevate their privileges, which can lead to the complete compromise of an affected computer. Outpost Firewall PRO 4.0 is vulnerable; other versions may also be affected. Outpost Firewal Pro is a small and exquisite network firewall software, including advertisement and image filtering, content filtering, DNS cache and other functions. Outpost uses various SSDT hooks to protect files and directories in its installation directory, but when implementing this protection, it cannot prevent malicious applications from calling the original API ZwSetInformationFile class FileLinkInformation, which allows attackers to replace the ones that the system does not use when calling this function document. A vulnerable file in the Outpost installation directory is SandBox.sys. An attacker can replace this driver with a fake copy, and the system will load the driver on the next reboot. Since the driver runs in privileged kernel mode, this can result in complete system control

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successful exploits will result in denial-of-service conditions. Applications using WebKit build 18794 are vulnerable to this issue

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. PHP-Nuke 7.9 and prior versions are vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: PHP-Nuke "cat" Old Articles Block SQL Injection SECUNIA ADVISORY ID: SA23748 VERIFY ADVISORY: http://secunia.com/advisories/23748/ CRITICAL: Moderately critical IMPACT: Manipulation of data, Exposure of sensitive information WHERE: >From remote SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ DESCRIPTION: Paisterist has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "cat" parameter through index.php to blocks/block-Old_Articles.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation e.g. allows retrieval of administrator usernames and password hashes, but requires that "register_globals" is enabled, "magic_quotes_gpc" is disabled, and the attacker knows the prefix for the database tables. The vulnerability is confirmed in version 7.9. SOLUTION: Edit the source code to ensure that input is properly sanitised. Use another product. PROVIDED AND/OR DISCOVERED BY: Paisterist ORIGINAL ADVISORY: http://www.neosecurityteam.net/advisories/PHP-Nuke-7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. An attacker can exploit this issue to cause the vulnerable JTapi Gateway service to restart. Since the restart process can take several minutes, no new connections will be processed during that time, which effectively means a denial of service for legitimate users. If the system is deployed in a redundant manner, the redundant system will take over to prevent loss of service, but the JTapi gateway process can also be restarted in the redundant system by exploiting the same vulnerability. An attacker must be able to complete a triple TCP handshake to the JTapi server port to exploit this vulnerability. This port number depends on how the product is deployed and whether redundant servers exist. You can determine the port number by querying the jtapiServerPortNumber value in the Windows registry: * HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems, Inc.\ICM\[instanceName]\PG[Number][A/B]\PG\CurrentVersion\JGWS\jgw[number ]\JGWData\Config

The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange.". CISCO IOS Data-link Switching (DLSw) is prone to a denial-of-service vulnerability. Only network appliances that have the affected service enabled are vulnerable to this issue. To exploit this issue, attackers must be able to connect to the affected service. Attackers can exploit this issue to cause a reload of the affected service, effectively denying further service to legitimate users. This issue affects all CISCO routers using Cisco IOS Software versions 11.0 through 12.4. This issue is being tracked by the Cisco Bug ID: CSCsf28840. The Data Link Switching (DLSw) feature of Cisco IOS allows IBM System Network Architecture (SNA) and Network Infrastructure Input/Output System (NetBIOS) communications to be transported over an IP network. Creating a DLSw newsletter consists of the following operational phases. 1. In the first phase, DLSw peers create two TCP connections with each other via TCP port 2065 or 2067, and these TCP connections are the basis of DLSw communication. 2. The DLSw partners exchange a list of supported features in the second phase after the connection is created. This helps the peers to use the same options. This is especially important if the DLSw partners are produced by different manufacturers. 3. In the next step the DLSw partner creates a line between the SNA or NetBIOS end systems over which information frames can be transmitted

The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. (1) TCP port 10618 To &CONNECTSERVER& String (2) TCP port 10618 To &ADDENTRY& String (3) TCP port 10618 To &FIN& String (4) TCP port 10618 To &START& String (5) TCP port 10618 To &LOGPATH& String (6) TCP port 10618 To &FWADELTA& String (7) TCP port 10618 To &FWALOG& String (8) TCP port 10618 To &SETSYNCHRONOUS& String (9) TCP port 10618 To &SETPRGFILE& String (10) TCP port 10618 To &SETREPLYPORT& String. Test code: http://www.securityfocus.com/data/vulnerabilities/exploits/21994.py Patching plan: The vendor has not released an upgrade patch for the time being, please pay attention to the vendor address in time: http://www.eiqnetworks.com/products/ NetworkSecurityAnalyzer.shtml. A malicious server could cause a vulnerable client application to crash, effectively denying service

Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Mac OS X of ffs_mountfs The function contains an integer overflow vulnerability. This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images. Failed exploit attempts will result in a denial-of-service condition. If an attacker can trick users into loading a malicious UFS DMG image, heap overflow will be triggered, resulting in arbitrary code execution. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24198 VERIFY ADVISORY: http://secunia.com/advisories/24198/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A boundary error exists in Finder, which can be exploited by malicious people to cause a buffer overflow by tricking a user to mount a malicious disk image. 2) A null-pointer dereference error in iChat Bonjour can be exploited by malicious people to cause the application to crash. 3) A format string error in the handling of AIM URLs in iChat can be exploited by malicious people to possibly execute arbitrary code. Successful exploitation requires that a user is tricked into accessing a specially crafted AIM URL. For more information: SA23846 SOLUTION: Apply Security Update 2007-002: Security Update 2007-002 (10.4.8 Universal): http://www.apple.com/support/downloads/securityupdate2007002universal.html Security Update 2007-002 (10.4.8 PPC): http://www.apple.com/support/downloads/securityupdate2007002ppc.html Security Update 2007-002 (10.3.9 Panther): http://www.apple.com/support/downloads/securityupdate2007002panther.html PROVIDED AND/OR DISCOVERED BY: 1) Kevin Finisterre, DigitalMunition 3) LMH ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305102 OTHER REFERENCES: MOAB: 1) http://projects.info-pull.com/moab/MOAB-09-01-2007.html 3) http://projects.info-pull.com/moab/MOAB-20-01-2007.html SA23846: http://secunia.com/advisories/23846/ SA23945: http://secunia.com/advisories/23945/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). TIS Firewall Toolkit is prone to a remote buffer-overflow vulnerability because the software fails to properly check boundaries of user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer. Other vulnerabilities may also be present, but this has not been confirmed

fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption. A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. Apple of 802.11n Corresponding AirMac Extreme The base station AirMac There is an issue with password protection on disks not working properly. Also, Mac OS X Used in fsck Contains a memory corruption vulnerability.AirMac Extreme If it is password protected AirMac The file name on the disc may be viewed by users on the local network. Also Mac OS X In the case of a disc image crafted by a third party USF In the file system fsck By executing, arbitrary code may be executed. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AirPortDriver module, CoreServices, Libinfo, Login Window, Natd, SMB, System Configuration, URLMount, VideoConference framework, WebDAV, and WebFoundation. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. Apple Mac OS X 10.4.9 and prior versions are vulnerable to these issues. Apple AirPort Extreme Base Station is prone to an information-disclosure vulnerability. An attacker can exploit this issue to view filenames on a password-protected AirPort Disk without supplying a password. Firmware versions prior to 7.1 are vulnerable. There is a loophole in the implementation of the AirPort Disk function, and remote attackers may use this loophole to remotely obtain sensitive information. The AirPort Disk feature allows users on the local network to browse file names (but not file content) on a password-protected disk without providing a password, resulting in the disclosure of sensitive information. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Gentoo update for mit-krb5 SECUNIA ADVISORY ID: SA23903 VERIFY ADVISORY: http://secunia.com/advisories/23903/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for krb5. This fixes some vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA23690 SA23696 SOLUTION: Update to "app-crypt/mit-krb5-1.5.2" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml OTHER REFERENCES: SA23690: http://secunia.com/advisories/23690/ SA235696: http://secunia.com/advisories/23696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port.". A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AirPortDriver module, CoreServices, Libinfo, Login Window, Natd, SMB, System Configuration, URLMount, VideoConference framework, WebDAV, and WebFoundation. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. Apple Mac OS X 10.4.9 and prior versions are vulnerable to these issues. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Gentoo update for mit-krb5 SECUNIA ADVISORY ID: SA23903 VERIFY ADVISORY: http://secunia.com/advisories/23903/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for krb5. This fixes some vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA23690 SA23696 SOLUTION: Update to "app-crypt/mit-krb5-1.5.2" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml OTHER REFERENCES: SA23690: http://secunia.com/advisories/23690/ SA235696: http://secunia.com/advisories/23696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------