VARIoT IoT vulnerabilities database

sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message. A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. FreeBSD is prone to a remote denial-of-service vulnerability. Remote attackers can exploit this issue to cause the kernel's TCP stack to panic, denying service to legitimate users. ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Vulnerability SECUNIA ADVISORY ID: SA32117 VERIFY ADVISORY: http://secunia.com/advisories/32117/ CRITICAL: Less critical IMPACT: Spoofing, Exposure of sensitive information, DoS WHERE: >From local network OPERATING SYSTEM: Force10 FTOS Routers http://secunia.com/advisories/product/20024/ DESCRIPTION: A vulnerability has been reported in Force10 FTOS Routers, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service). This can be exploited to add a fake entry to the router's neighbor cache via a neighbor solicitation request containing a spoofed IPv6 address. Successful exploitation may allow the interception or disruption of network traffic, but requires that the IPv6 nodes involved in the attack are using the same router. SOLUTION: The vendor has reportedly fixed the vulnerability in FTOS version E7.7.1.1. PROVIDED AND/OR DISCOVERED BY: US-CERT credits David Miles. ORIGINAL ADVISORY: http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 OTHER REFERENCES: US-CERT VU#472363: http://www.kb.cert.org/vuls/id/472363 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:09.icmp6 Security Advisory The FreeBSD Project Topic: Remote kernel panics on IPv6 connections Category: core Module: sys_netinet6 Announced: 2008-09-03 Credits: Tom Parker, Bjoern A. Zeeb Affects: All supported versions of FreeBSD. Corrected: 2008-09-03 19:09:47 UTC (RELENG_7, 7.1-PRERELEASE) 2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4) 2008-09-03 19:09:47 UTC (RELENG_6, 6.4-PRERELEASE) 2008-09-03 19:09:47 UTC (RELENG_6_3, 6.3-RELEASE-p4) CVE Name: CVE-2008-3530 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background IPv6 nodes use ICMPv6 amongst other things to report errors encountered while processing packets. The 'Packet Too Big Message' is sent in case a node cannot forward a packet because the size of the packet is larger than the MTU of next-hop link. II. III. Workaround Systems without INET6 / IPv6 support are not vulnerable and neither are systems which do not listen on any IPv6 TCP sockets and have no active IPv6 connections. Filter ICMPv6 'Packet Too Big Messages' using a firewall, but this will at the same time break PMTU support for IPv6 connections. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE or 7-STABLE, or to the RELENG_6_3 or RELENG_7_0 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3 and FreeBSD 7.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch # fetch http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/sys/netinet6/icmp6.c 1.62.2.11 RELENG_6_3 src/UPDATING 1.416.2.37.2.9 src/sys/conf/newvers.sh 1.69.2.15.2.8 src/sys/netinet6/icmp6.c 1.62.2.9.2.1 RELENG_7 src/sys/netinet6/icmp6.c 1.80.2.7 RELENG_7_0 src/UPDATING 1.507.2.3.2.8 src/sys/conf/newvers.sh 1.72.2.5.2.8 src/sys/netinet6/icmp6.c 1.80.4.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3530 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-08:09.icmp6.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iD8DBQFIvu2hFdaIBMps37IRAjxxAJwIIXP+ALAZkvG5m687PC+92BtXTwCfUZdS AvvrO0r+UAa6bn1H9mFf9So= =MBB1 -----END PGP SIGNATURE-----

Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. Bios is prone to a information disclosure vulnerability. Intel firmware PE94510M is intel's bios update applet. information

Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. QuickTime Player is prone to a denial-of-service vulnerability. QuickTime is a powerful audio and video player produced by Apple Inc. It also triggers memory corruption

GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL. GreenSQL Firewall is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions. Successfully exploiting this issue may aid in SQL attacks on the underlying application. The vulnerability has been successfully parsed by MySQL

Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Siemens Gigaset WLAN Camera is reported prone to an insecure-default-password vulnerability. A remote attacker with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access to the application

The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is prone to a denial-of-service vulnerability. Successfully exploiting this issue will allow attackers to crash the affected application, denying service to legitimate users. SOLUTION: Restrict network access to the web management interface. PROVIDED AND/OR DISCOVERED BY: Brandon Shilling and r@b13$, Digital Defense, Inc. Vulnerability Research Team ORIGINAL ADVISORY: DDIVRT-2008-14: http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064226.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. Iphone is prone to a information disclosure vulnerability. Apple Iphone is an epoch-making mobile phone terminal launched by Apple Inc. that supports multi-touch

Plesk is a comprehensive control panel solution for managing sites.  If SHORTNAMES = 1 is enabled for email login in Plesk, QMAIL will accept any base64-encoded username starting with a valid shortname during AUTH LOGIN authentication. This allows an attacker to log in to mail or other services protected by the plesk authentication module and relay spam through the smtp authentication permissions obtained.  You must remove SHORTNAMES = 1 from smtp (s) _psa to fix this problem, just setting it to 0 cannot solve it.

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. vtiger CRM Contains a cross-site scripting vulnerability.Any third party, through the following parameters, Web Script or HTML May be inserted. vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.0.4 is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4. NOTE: The query_string vector has been covered by CVE-2008-3101.3. The application is vulnerable to simple Cross Site Scripting, which can be used for several isues Example Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can inject JavaScript with: http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script> http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script> http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script> Workaround/Fix vtiger CRM Security Patch for 5.0.4 [1] Disclosure Timeline 2008-07-28 Vendor contacted 2008-07-28 Vendor fixed issue in test environment 2008-07-30 Vender released patch 2008-07-30 Vendor dev statet they'll release a second patch within days 2008-09-01 published advisory, no second patch from upstream yet CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. Credits and copyright This vulnerability was discovered by Fabian Fingerle [2] (published with help from Hanno Boeck [3]). It's licensed under the creative commons attribution license [4]. Fabian Fingerle, 2008-09-01 [1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5 [2] http://www.fabian-fingerle.de [3] http://www.hboeck.de [4] http://creativecommons.org/licenses/by/3.0/de/ -- _GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85 _chaos events near stuttgart_ www.datensalat.eu . Successful exploitation of this vulnerability requires that the target user has valid user credentials. The vulnerabilities are confirmed in version 5.0.4. SOLUTION: Apply the vendor's official patch: http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5 PROVIDED AND/OR DISCOVERED BY: Fabian Fingerle ORIGINAL ADVISORY: http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. The DreamBox DM500 series is an intelligent set-top box device. DreamBox DM500 incorrectly submits a URL request containing a directory traversal character. A remote attacker can exploit the vulnerability to view system file information in the application context. Dreambox is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Dreambox DM500C is vulnerable; other models may also be affected. DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box).Dreambox suffers from a file download vulnerability thru directory traversal with appending the '/' character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc.Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Dreambox DM500 Long Requests Denial of Service Vulnerability SECUNIA ADVISORY ID: SA31650 VERIFY ADVISORY: http://secunia.com/advisories/31650/ CRITICAL: Not critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Dreambox DM500 http://secunia.com/product/19701/ DESCRIPTION: Marc Ruef has reported a vulnerability in Dreambox DM500, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the web interface when processing overly long requests. This can be exploited to cause a DoS by sending malicious requests to a vulnerable device. SOLUTION: Use a firewall or proxy to filter malicious requests. PROVIDED AND/OR DISCOVERED BY: Marc Ruef, scip AG ORIGINAL ADVISORY: http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807 http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. NetBSD is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: NetBSD PPPoE Packet Processing Tag Length Vulnerability SECUNIA ADVISORY ID: SA31597 VERIFY ADVISORY: http://secunia.com/advisories/31597/ CRITICAL: Less critical IMPACT: DoS, System access WHERE: >From local network OPERATING SYSTEM: NetBSD 3.1 http://secunia.com/product/16089/ DESCRIPTION: A vulnerability has been reported in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due incorrect length check when processing tags within a PPPoE packet. This can be exploited to e.g. crash the kernel by sending a specially crafted PPPoE packet to a vulnerable system. Successful exploitation requires that a PPPoE interface has been created (e.g. via ""ifconfig pppoe0 create") and the attacker can send PPPoE packets to the affected system. The vulnerability is reported in NetBSD version 3.0, 3.1, and 4.0. SOLUTION: Fixed in the CVS repository. See vendor advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Yasuoka Masahiko, Internet Initiative Japan Inc ORIGINAL ADVISORY: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-010.txt.asc ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. Intel BIOS is prone to an unspecified privilege-escalation vulnerability. Successfully exploiting this issue will allow programs running with administrative (ring 0) privileges to modify code running in System Management Mode. Currently very few technical details are available. We will update this BID as more information emerges

Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response.". Ipswitch WS_FTP is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Ipswitch WS_FTP is an FTP client software. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: WS_FTP Home / Professional Format String Vulnerability SECUNIA ADVISORY ID: SA31504 VERIFY ADVISORY: http://secunia.com/advisories/31504/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Ipswitch WS_FTP Professional 2007 http://secunia.com/product/13838/ Ipswitch WS_FTP Home 2007 http://secunia.com/product/19609/ DESCRIPTION: securfrog has discovered a vulnerability in WS_FTP Home and Professional, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a format string error when processing responses of the FTP server. This can be exploited by e.g. tricking a user into connecting to a malicious FTP server. Successful exploitation may allow the execution of arbitrary code. The vulnerability is confirmed in WS_FTP Home version 2007.0.0.2 and WS_FTP Professional version 2007.1.0.0. Other versions may also be affected. SOLUTION: Connect to trusted servers only. PROVIDED AND/OR DISCOVERED BY: securfrog ORIGINAL ADVISORY: http://milw0rm.com/exploits/6257 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). Ipswitch WS_FTP client is prone to a format-string vulnerability it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the WS_FTP Home and WS_FTP Professional clients. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: WS_FTP Home / Professional Format String Vulnerability SECUNIA ADVISORY ID: SA31504 VERIFY ADVISORY: http://secunia.com/advisories/31504/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Ipswitch WS_FTP Professional 2007 http://secunia.com/product/13838/ Ipswitch WS_FTP Home 2007 http://secunia.com/product/19609/ DESCRIPTION: securfrog has discovered a vulnerability in WS_FTP Home and Professional, which can be exploited by malicious people to potentially compromise a user's system. This can be exploited by e.g. tricking a user into connecting to a malicious FTP server. Successful exploitation may allow the execution of arbitrary code. Other versions may also be affected. SOLUTION: Connect to trusted servers only. PROVIDED AND/OR DISCOVERED BY: securfrog ORIGINAL ADVISORY: http://milw0rm.com/exploits/6257 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request. Computer Associates products are prone to two vulnerabilities. Attackers may exploit the first vulnerability locally to execute arbitrary code with SYSTEM-level privileges or cause a system crash. Attackers may exploit the second vulnerability remotely to cause denial-of-service conditions. Successful attacks will completely compromise the computer or cause denial-of-service conditions. CA Host-Based Intrusion Prevention System (HIPS) is CA's host intrusion prevention system software. There is a vulnerability in the kmxfw.sys driver in CA HIPS r8. No special user rights are necessary to exploit the vulnerability. ====================== Technical description: ====================== The IOCTL call 0x85000030 of the KmxFw.sys kernel driver shipped with various CA products accepts user supplied input that doesn't get validated enough. In consequence it is possible to pass arbitrary parameter values to some windows kernel functions (e.g. ExFreePoolWithTag). If these parameters are carefully crafted it is possible to force the windows kernel into performing a memory corruption that leads to full control of the kernel execution flow. Disassembly of KmxFw.sys (version 6.5.5.5): [...] .text:00019800 mov eax, [esp+IOCTLControlCode] <-- (1) .text:00019804 sub esp, 2Ch .text:00019807 push ebx .text:00019808 push esi .text:00019809 push edi .text:0001980A add eax, 7AFFFFFCh .text:0001980F xor edi, edi .text:00019811 xor ebx, ebx .text:00019813 cmp eax, 4Ch ; switch 77 cases .text:00019816 ja loc_19943 ; default [...] .text:0001981C movzx eax, ds:byte_19BA0[eax] <-- (2) .text:00019823 jmp ds:off_19B6C[eax*4] ; switch jump [...] .text:000199E1 loc_199E1: .text:000199E1 cmp [esp+38h+InputBufferSize], 10h <-- (3) .text:000199E6 jb loc_19943 ; default [...] .text:000199EC mov eax, [esp+38h+InputBuffer] <-- (4) .text:000199F0 mov ecx, [eax+8] <-- (5) .text:000199F3 mov edx, [eax] <-- (6) .text:000199F5 push ecx ; BaseAddress <-- (7) .text:000199F6 push edx ; Mdl <-- (8) .text:000199F7 mov ecx, offset off_28600 .text:000199FC call sub_12B70 <-- (9) [...] (1) IOCTL control code is copied into EAX (2) IOCTL control code switch cases (3) Switch case of the vulnerable IOCTL control code 0x85000030. There's also a minor check of the IOCTL input buffer size (must be greater than 0x10). (4) Pointer to user controlled data is copied into EAX (5) Part of the user controlled data is copied into ECX (6) Part of the user controlled data is copied into EDX (7) + (8) The user controlled values of ECX and EDX are used as parameters for the following function (sub_12B70) that gets called (9) The function sub_12B70 gets called [...] .text:00012B70 sub_12B70 proc near .text:00012B70 Mdl_uc = dword ptr 4 .text:00012B70 BaseAddress_uc = dword ptr 8 .text:00012B70 .text:00012B70 push esi .text:00012B71 mov esi, [esp+4+Mdl_uc] <-- (10) .text:00012B75 test esi, esi .text:00012B77 jz short loc_12B90 .text:00012B79 mov eax, [esp+4+BaseAddress_uc] <-- (11) .text:00012B7D test eax, eax .text:00012B7F jz short loc_12B89 .text:00012B81 push esi ; MemoryDescriptorList <-- (12) .text:00012B82 push eax ; BaseAddress <-- (13) .text:00012B83 call ds:MmUnmapLockedPages <-- (14) .text:00012B89 .text:00012B89 loc_12B89: .text:00012B89 push esi ; Mdl <-- (15) .text:00012B8A call ds:IoFreeMdl <-- (16) [...] (10) User controlled data gets copied into ESI (11) User controlled data gets copied into EAX (12) + (13) The user controlled values of ESI and EAX are used as parameters for the windows kernel function MmUnmapLockedPages (14) The windows kernel function MmUnmapLockedPages gets called (15) The user controlled value in ESI is used as a parameter for the windows kernel function IoFreeMdl (16) The windows kernel function IoFreeMdl gets called In the IoFreeMdl function of the windows kernel the ExFreePoolWithTag function gets called with user controlled parameters. Example of the IoFreeMdl function of the Windows 2000 Professional SP4 kernel: [...] .text:0041E700 ; void __stdcall IoFreeMdl(PMDL Mdl) .text:0041E700 public IoFreeMdl .text:0041E700 IoFreeMdl proc near .text:0041E700 .text:0041E700 P = dword ptr 4 .text:0041E700 .text:0041E700 push esi .text:0041E701 mov esi, [esp+4+P] <-- (17) .text:0041E705 test byte ptr [esi+6], 20h .text:0041E709 jz short loc_41E714 [...] .text:0041E714 loc_41E714: .text:0041E714 mov ax, [esi+6] .text:0041E718 test al, 8 .text:0041E71A jz short loc_41E72B [...] .text:0041E72B .text:0041E72B loc_41E72B: .text:0041E72B push esi ; P <-- (18) .text:0041E72C call ExFreePool <-- (19) [...] (17) The user controlled data gets copied into ESI (18) + (19) ESI is used as a parameter for the ExFreePool kernel function that calls ExFreePoolWithTag If the user supplied parameter for ExFreePoolWithTag is carefully crafted it is possible to overwrite an arbitrary memory location with an arbitrary dword value (write4 primitive). This can be exploited to control the kernel execution flow and to execute arbitrary code at the kernel level. ========= Solution: ========= See vendor recommendations described under [1]. ======== History: ======== 2008/03/06 - Vendor notified using vuln@ca.com 2008/03/06 - Vendor response with PGP key 2008/03/08 - Detailed vulnerability information sent to the vendor 2008/03/08 - Vendor acknowledges receipt of the information 2008/08/12 - Coordinated disclosure ======== Credits: ======== Vulnerability found and advisory written by Tobias Klein. =========== References: =========== [1] http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559 [2] http://www.trapkit.de/advisories/TKADV2008-006.txt ======== Changes: ======== Revision 0.1 - Initial draft release to the vendor Revision 1.0 - Public release =========== Disclaimer: =========== The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. ================== PGP Signature Key: ================== http://www.trapkit.de/advisories/tk-advisories-signature-key.asc Copyright 2008 Tobias Klein. 2) An unspecified error in the kmxfw.sys driver can be exploited to cause a DoS. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Tobias Klein 2) Elazar Broad ORIGINAL ADVISORY: CA: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities CA Advisory Date: 2008-08-11 Reported By: CVE-2008-2926 - Tobias Klein CVE-2008-3174 - Elazar Broad Impact: A remote attacker can cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability, CVE-2008-2926, occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. The second vulnerability, CVE-2008-3174, occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash. Mitigating Factors: None Severity: CA has given these vulnerabilities a Medium risk rating. CA Personal Firewall Engine 1.2.276 and later are not affected. To ensure that the latest automatic update is installed on your computer, customers can view the Help>About screen in their CA Personal Firewall product and confirm that the engine version number is 1.2.276 or higher. For support information, visit http://shop.ca.com/support. How to determine if you are affected: 1. Using Windows Explorer, locate the file "kmxfw.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory. 2. Right click on the file and select Properties. 3. Select the General tab. 4. If the file version is less than indicated in the below table, the installation is vulnerable. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj4DBQFIoduueSWR3+KUGYURAmmKAJ9FWl5gIZrbrGhg5CZ0NKzw0QE8qQCY+Qys ekQdlRjiIYnyp9WEqqGAxQ== =ltU4 -----END PGP SIGNATURE-----

Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation.". (DoS) There is a vulnerability that becomes a condition.Service disruption by a third party (DoS) There is a possibility of being put into a state. Computer Associates products are prone to two vulnerabilities. Attackers may exploit the first vulnerability locally to execute arbitrary code with SYSTEM-level privileges or cause a system crash. Attackers may exploit the second vulnerability remotely to cause denial-of-service conditions. Successful attacks will completely compromise the computer or cause denial-of-service conditions. There is an unknown vulnerability in the kmxfw.sys driver in CA HIPS r8. 2) An unspecified error in the kmxfw.sys driver can be exploited to cause a DoS. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Tobias Klein 2) Elazar Broad ORIGINAL ADVISORY: CA: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . CA has issued updates to address the vulnerabilities. The first vulnerability, CVE-2008-2926, occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. The second vulnerability, CVE-2008-3174, occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash. Mitigating Factors: None Severity: CA has given these vulnerabilities a Medium risk rating. CA Personal Firewall Engine 1.2.276 and later are not affected. To ensure that the latest automatic update is installed on your computer, customers can view the Help>About screen in their CA Personal Firewall product and confirm that the engine version number is 1.2.276 or higher. For support information, visit http://shop.ca.com/support. How to determine if you are affected: 1. Using Windows Explorer, locate the file "kmxfw.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory. 2. Right click on the file and select Properties. 3. Select the General tab. 4. If the file version is less than indicated in the below table, the installation is vulnerable. File Name Version Size (bytes) Date kmxfw.sys 6.5.5.18 115,216 March 14, 2008 Workaround: None References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for CA Host-Based Intrusion Prevention System SDK https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=182496 Solution Document Reference APARs: RO00535 CA Security Response Blog posting: CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2008/08/12.aspx Reported By: Tobias Klein (CVE-2008-2926) http://www.trapkit.de/ Elazar Broad (CVE-2008-3174) CVE References: CVE-2008-2926 - CA HIPS kmxfw.sys IOCTL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2926 CVE-2008-3174 - CA HIPS kmxfw.sys denial of service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3174 OSVDB References: Pending http://osvdb.org/ Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://support.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj4DBQFIoduueSWR3+KUGYURAmmKAJ9FWl5gIZrbrGhg5CZ0NKzw0QE8qQCY+Qys ekQdlRjiIYnyp9WEqqGAxQ== =ltU4 -----END PGP SIGNATURE-----

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible. Note that under certain circumstances, attackers may be able to write controlled content to arbitrary files, which will likely result in other attacks. CUPS 1.3,8 is vulnerable; other versions may also be affected. Common Unix Printing System (CUPS) is a common Unix printing system and a cross-platform printing solution in the Unix environment. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. This vulnerability is different from CVE-2001-1333. =========================================================== Ubuntu Security Notice USN-707-1 January 12, 2009 cups, cupsys vulnerabilities CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2008-5377 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.12 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.9 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.3 Ubuntu 8.10: cups 1.3.9-2ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. (CVE-2008-5183) It was discovered that CUPS did not authenticate users when adding and cancelling RSS subscriptions. An unprivileged local user could bypass intended restrictions and add a large number of RSS subscriptions. This issue only applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184) It was discovered that the PNG filter in CUPS did not properly handle certain malformed images. If a user or automated system were tricked into opening a crafted PNG image file, a remote attacker could cause a denial of service or execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12.diff.gz Size/MD5: 100650 effacab03a0a75663148e730badca56e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12.dsc Size/MD5: 1060 e320589ea4731d43a927b6ea986e2ca9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.12_all.deb Size/MD5: 996 01d1b0dbc0bf6fed042b103b81d91293 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 36230 ac91b545a2f40de7c165f160928334be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 81912 f3ec3b95abadf43c3642d422bb1d8d64 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 2286872 779f854a26f5670c1183aac0a9adf15b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 6092 e4f7e6b58bbcf3656487d779ada528d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 77434 f7789b8cca7ea8f57ca2ca14f4cc1a9b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 25748 e2a92ba2421bafc00df0a6c1f99bcda8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_amd64.deb Size/MD5: 130184 6a0808bf1ea2650d8a97fc50ceee0aa6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 34766 ec9c0af53c98f9d904a8241331179a6d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 77990 c582e927e8d8bbdd29c5c111bc0dd162 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 2254158 f9e7ba99ce5ff49546a8922df47d0005 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 6092 969b76527edef12a2f3c77a77c97480e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 76550 2e653b4dac7063a7d290918bdafd43cf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 25748 cfff840b4e9984245fcd15d845183810 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_i386.deb Size/MD5: 122384 ec7ddfb032ee70d393c65d9d90060ea0 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 40466 119cafd93458295da6a6c8c12b35a262 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 89530 bc52672d7f4903f7ec745cbe778e4da2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 2301402 e3bf63715dbebb29410ce13098b645f1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 6088 68fd62d76fc0a4e2e515f5a644852e60 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 79208 b83506e935ffd0ac4c1311f003424f2b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 25744 cb2ca08057f83b9b40b60960712d8766 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_powerpc.deb Size/MD5: 128150 597300fc1511305508b9c0e62c061660 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 35388 afe7217a6f8ebe6fba8f7668f8a6d5bf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 78722 0f5be23fb63000b5fb2945f4a40ad70a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 2287758 3b8180329fa4c55ece2b828e07d3366c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 6090 aee18e619e301cdd7472d6f6a326655c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 76468 398ecfef9fff03f088e4964ad0e76c71 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 25748 22655777c70067f973fef557c9196bdf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.12_sparc.deb Size/MD5: 123876 99879b6877338c254ae31dcd0f4bae29 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9.diff.gz Size/MD5: 129791 3e27f46f569ec5719b5fe13fb78a9f14 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9.dsc Size/MD5: 1226 3a8eb42c55eb55163497543c39f23124 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.9_all.deb Size/MD5: 1080428 2a130e02392de2ce721ac25a9a71ef0f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 37202 8a68cf9bfa98bda7cf30f6bfba41dd2e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 89510 e721173ffa8c31fc92703b908140e84c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 2034862 f512c15b34be6e169e9f947ca916ca93 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 60018 4f4e8635956b4b882074cc2760ebcb5e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 46878 197a3efe70b9864efe397bb27e455933 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 152008 c05765a56717613f12ca4e47dd751864 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_amd64.deb Size/MD5: 186748 03cda4eef301db2a8f2cb6f5344c9f02 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 36480 6742a1d19a47e85b583bfc6cc8e5bef1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 86482 33d1e6cc218245db992e2b8337d63fad http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 2018562 6217c3d4a08b575b0fd01a2f0b6d9965 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 58836 228f15292895fb6714cf83ac08376530 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 46256 a2a663a767af4beccac469b36af692b4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 145696 099603137d153ed2f50e0154fde6811f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_i386.deb Size/MD5: 183548 69d7d5292ed78f5a5dca16d9be7d9ebe lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 36670 2f95875950737fb3b29d8170e0e842be http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 88296 51a1b00b3aa778300d6be240ca814448 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 2021580 ec2e3b013c825e7b1c269778d722c41f http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 59622 38519a455e3dca46fdc55980903ef527 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 47694 2a305b565e33a52d5cfe71bb09d3fbc0 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 142418 b0423e069760ca141c0e73f07b7049fb http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_lpia.deb Size/MD5: 181750 8e286ae296e7b3fd216d7137a4c21c19 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 46502 a1296168b5d3706b8870d2aca19cfc4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 107760 d98d3f88cf3706b28ca9706e4f21897e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 2099848 088263da7a0baba49e4b28f000070cdf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 59484 85a44c9e70aadd41bdcb9401af938361 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 51846 4442245f4cf71913bbd642f5185f93a0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 146944 ca2f12efe3d8b1ef0711019a6f4be4a3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_powerpc.deb Size/MD5: 192530 47b0cc559fb4548701addb4e389beda1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 37568 441cbf24d055107a408220ea945357e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 89612 42f545e2092863afc31a6beb921ba803 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 2061116 df2be5541017e5a11f265dc0420d1de4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 58094 4602a5ee17eae8d0769901ffff089eac http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 45560 fce319567830955760626e98a52bd9e0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 148474 0fa2f0010fbd4b08d91b1c62765ed46e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.9_sparc.deb Size/MD5: 182570 ef1eec9c88b499b3cea8742fc31d8edf Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3.diff.gz Size/MD5: 134438 a4a1876673e461e35cfec8952ca054f5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3.dsc Size/MD5: 1441 2ced31d2fde396439410f30e758d7db2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.3_all.deb Size/MD5: 1144166 4893a05510da7c9b5434d00fc29e455f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 37532 480443df9d0723c844c0c0f6408169a2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 89978 0d287573cdcc4701998ce53af56dd3f9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 1880612 2314ea0930f6d00794e0176916b6da35 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 60906 9042974135c36a37171a424b7d4a202d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 50368 3cd1eb8125943eaa9ee6dde601f4422e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 344934 c5aec8c571564cbd0c895145a875d02a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_amd64.deb Size/MD5: 177930 36d56cb0664534f425871d13d77e4b1a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 36968 6f01ef27169dfc9aa944c5049acbbe63 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 88402 dd874fead670a6d57e90176ad1facc94 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 1863008 ff961e2dbb46de7be8722d88178a38e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 60100 0881e753bb681af3463d6ed8d11c09cf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 49846 07a541a01b7e231c9988e779a3f602d0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 339346 d5efe383bc97ce56837e36806bfba341 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_i386.deb Size/MD5: 174778 a578d4f7a0fe9195167e7a0cafc37974 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 36678 3176e400d418ca744825919b30d1a248 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 88752 998f5ae89f57c5a3874a2bec71f435af http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 1865256 715aafc333b7d070b516950843cdf664 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 60548 39aa25aae6614a78a0b3c29e30d464f9 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 50860 1ba114f3487de2725c3704efbaf6a5c5 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 337010 98f33df59e831f8213370b533c9a6f7b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_lpia.deb Size/MD5: 173708 dca1c947f9af44e5d4c6bc2c604aa371 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 46930 5baf8d502a2bdca9954d98a542e92f1b http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 110824 b0aab96be927c4d4924df4c45049f8a0 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 1949124 d53346f89338971030ed9a202726849c http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 59928 0c7f0193cfee10e401ca8304bc6a20bb http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 54930 694817b2babba26327d4b021a36f938a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 341674 78be76c752899ff02d96f7d9f4c8cbc1 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_powerpc.deb Size/MD5: 183682 2dfb517ad5388b6471fc3f33148110c7 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 38030 018dbd428bea31bff3efe42c650ab930 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 91034 0cdf41119c49465205ec9d85e0fcedcb http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 1897932 265d337f28fada008fdf22034c76d43b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 57852 5ebf07d4d87d5c0ba46bb52b0cabe6bd http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 48224 ed14b7888ad80c70678b20881c6b9606 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 341382 ed914dcee1d36a7437ebdb46d44fba62 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.3_sparc.deb Size/MD5: 173608 98ee538398dcf7c112099d3e398b686e Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1.diff.gz Size/MD5: 328034 b25d444f40ebc1f17984cb538172480c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1.dsc Size/MD5: 2043 3b36a5cadfe85ed62bf8b28de6ec7591 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu6.1_all.deb Size/MD5: 1162340 88ad6900549400af9f75f927227d45cb http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57652 7a33348b800c156e43a83e9083436bd5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57660 6c89ff2b1f7fe264b5caaaf986b36d9c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57652 ee1e3c3d68c190281678d7c1e7adadc9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57656 2e8d25c423fbc2e265b0d56633ebc67d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57670 b0c0e0f336be70d0c458b45936f98d0d http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu6.1_all.deb Size/MD5: 4530 23fb36af369fe018cd11fb3291dcc3cc http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu6.1_all.deb Size/MD5: 57656 46de04530c997f729b7dce967559c8b3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 37318 7c4c4cadb4f9b7f6e2c6080b790e6ee1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 119788 72cab9079aeefee51e09a3b31ae592fa http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 1682518 3180c4e3fa3d5cfe0b2b894898485fdd http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 2172420 d7928f5c71b128511a0864db35ba6fe9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 352208 ba6478c9d8f3712b0c1e648e48bbb0c3 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 172690 b2f7befc45ccf3bcd176186f9c48ceb1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 61404 a16ecd777aca26b88c24d16b69e5f193 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_amd64.deb Size/MD5: 52392 7a9f6aabf047ad3225f8ec44d2fb5540 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 36216 b4999abd3bf22b2963db0969b40da8e1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 115352 9ec804831b4557a4ada56602384ecc39 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 1542016 c120e8f977f4b19be21e3b3067ca0df5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 2139174 18db7072b040bc4f3319b3b51361a239 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 345996 53a7bdb95ee0b5d3b0f96c463710dadd http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 169534 efa2f12acaf19bfab23d60478b5586cd http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 60536 ceb4ded5423c0a25ddcc924d29e390f5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_i386.deb Size/MD5: 51750 cf8f8190d6281a5881b8cc1922035758 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 36030 95ca36c48f733f3d709e94c2202e97db http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 114514 c44f5a21e630c130008be55aa258cb42 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 1571226 37ce539f88c38ba11a89515ddc188d2c http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 2135890 46cb00e52f60f8adc58496bc550a5ad9 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 342976 e14329c1e782470735f35422c592b473 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 167800 9cbad1fe09d9904ae6e026987d85731a http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 60672 8a5ca81cd3803ad98afe963360242177 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_lpia.deb Size/MD5: 52440 07bf6935608f398215f2880d5be9fd25 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 43578 6876bb9233cf8352dfbf66bc95ddf7e9 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 138186 b3868a2e0d935a95e9083773859f1cbe http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 1663458 2bf2dae0699cf7dc45889dc678f20fcc http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 2264178 b5b51d8116a46689275f98ea94e946af http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 347972 af66fd54a390946c7b676cf54cb6e22e http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 176964 0605e8b21a449afea97a3f5060af63e1 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 61336 79c4d467e37c334effe0b5ee31238901 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_powerpc.deb Size/MD5: 57492 a6d2f97d74132b1f2a40599398ecd9b1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 37220 31f862d50b31324596054730ea09f7d3 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 117632 b594a8cb5b194fef18a0393968fe0736 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 1490260 01fcb6d2d1c062dcdfd6cde440ef2a98 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 2200956 ebfffd46f41befdda3e30e3cb1ab521e http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 344800 6192418a2f2625f81551e9839d1187b4 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 165706 5804589b4f9bcc3bf016e3394f7acb7f http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 57906 34fef3b4e0a01df4a76c92768a8c292e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu6.1_sparc.deb Size/MD5: 49792 24e09a0af0155fd8a13ca3f1db035c6d

Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Successful exploits will completely compromise devices running the affected software. We were not told which versions are affected. We will update this BID as more information emerges. There are multiple unidentified vulnerabilities in JavaME

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Alcatel-Lucent OmniSwitch products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected software. Failed exploit attempts will result in a denial-of-service condition. Alcatel-Lucent OmniSwitch is a network switch product of French Alcatel-Lucent (Alcatel-Lucent). If the user sends 2392 bytes of data in the Cookie: Session= header, this overflow can be triggered, resulting in the execution of arbitrary instructions. The number of bytes required to trigger this overflow varies with the AOS version. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA31435 VERIFY ADVISORY: http://secunia.com/advisories/31435/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network OPERATING SYSTEM: Alcatel-Lucent OmniSwitch 7000 Series http://secunia.com/product/789/ Alcatel-Lucent OmniSwitch 6600 Series http://secunia.com/product/19553/ Alcatel-Lucent OmniSwitch 6800 Series http://secunia.com/product/19554/ Alcatel-Lucent OmniSwitch 6850 Series http://secunia.com/product/19555/ Alcatel-Lucent OmniSwitch 9000 Series http://secunia.com/product/19556/ DESCRIPTION: Deral Heiland has reported a vulnerability in various OmniSwitch products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in the following Alcatel OmniSwitch products: * OS7000 Series * OS6600 Series * OS6800 Series * OS6850 Series * OS9000 Series SOLUTION: Update to the following versions: * 5.4.1.429.R01 or higher * 5.1.6.463.R02 or higher * 6.1.3.965.R01 or higher * 6.1.5.595.R01 or higher * 6.3.1.966.R01 or higher Contact the Alcatel-Lucent Technical Support for availability of other releases. PROVIDED AND/OR DISCOVERED BY: Deral Heiland, Layered Defense Research ORIGINAL ADVISORY: Alcatel-Lucent: http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm Layered Defense Research: http://www.layereddefense.com/alcatel12aug.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'atucfobj.dll' ActiveX control library. Failed attacks will likely cause denial-of-service conditions. 'atucfobj.dll' 20.2008.2601.4928 is vulnerable; other versions may also be affected. The vulnerable versions of the ActiveX control are hosted by WebEx meeting service servers running WBS 23, 25, and 26 prior to 26.49.9.2838. WebEx is Cisco's web conferencing solution. WebEx Meeting Manager versions earlier than 20.2008.2606.4919 have a stack overflow vulnerability. The WebexUCFObject control in Atucfobj.dll does not properly validate input parameters to the NewObject() method. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Webex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA31397 VERIFY ADVISORY: http://secunia.com/advisories/31397/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: WebEx Meeting Manager http://secunia.com/product/3003/ DESCRIPTION: Elazar Broad has discovered a vulnerability in Webex Meeting Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the WebexUCFObject ActiveX control (atucfobj.dll) when handling arguments passed to the "NewObject()" method. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 20.2008.2601.4928. SOLUTION: The vendor has reportedly fixed the vulnerability in version 20.2008.2606.4919. PROVIDED AND/OR DISCOVERED BY: Elazar Broad ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------