VARIoT IoT vulnerabilities database

Ipswitch IMail Server is a mail server bundled in the Ipswitch collaboration component. A buffer overflow vulnerability exists in the IMail server processing parameters of the SEARCH command request. A remote attacker could exploit this vulnerability to control the server. The IMail server has a stack buffer overflow problem when dealing with multiple options of the SEARCH command (BEFORE, ON, SINCE, SENTBEFORE, SENTON, SENTSINCE). The remote attacker can trigger an overflow by submitting a malformed SEARCH request, resulting in arbitrary instructions. Ipswitch IMail Server and Collaboration Suite (ICS) are prone to multiple buffer-overflow vulnerabilities because these applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Attackers may exploit these issues to execute arbitrary code in the context of the affected applications. Failed exploit attempts will likely result in denial-of-service conditions. These versions are reported vulnerable to these issues: Ipswitch Collaboration Suite (ICS) 2006 IMail Premium 2006.2 and 2006.21 Other versions may also be affected. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. This can be exploited to cause stack-based buffer overflows via overly long, quoted or unquoted arguments passed to the command. Successful exploitation allows execution of arbitrary code. Other versions may also be affected. SOLUTION: Grant only trusted users access to the IMAP service. PROVIDED AND/OR DISCOVERED BY: Independently discovered by: * Secunia Research * ZhenHan Liu, Ph4nt0m Security Team. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Atheros Provided by the company Microsoft Windows The wireless network driver for is vulnerable to the frame handling part. Crafted 802.11 Sending a management frame causes a buffer overflow, resulting in service disruption ( DoS ) You may be attacked. 802.11b, 802.11g, 802.11n Management frames in are not encrypted and do not require authentication to be sent. further, WEP And WPA It has been found that even if wireless communication encryption such as is affected by this vulnerability. Linux And UNIX Used in NDISWrapper And using vulnerable drivers with similar technologies may also be affected.  The driver did not adequately check for malformed management frames, and a remote attacker could trigger an overflow by sending a specially constructed 802.11 management frame that requires no authentication or encryption. Atheros drivers are also used by OEM (Original Equipment Manufacturer) wireless adapters. This issue is reported to affect drivers for the Windows operating system. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. SOLUTION: The vendor has reportedly issued firmware updates (versions 5.3.0.35 and 6.0.3.67 and later) to OEMs. PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT. ORIGINAL ADVISORY: US-CERT VU#730169: http://www.kb.cert.org/vuls/id/730169 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use. platon of phpwebfilemanager Exists in unspecified vulnerabilities.None

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. Hitachi uCosminexus is an application server system.  There is a vulnerability in Hitachi uCosminexus's session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data.  Details of the vulnerability are currently unknown. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Hitachi Products Cosminexus Component Container Improper Session Data Handling SECUNIA ADVISORY ID: SA26250 VERIFY ADVISORY: http://secunia.com/advisories/26250/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: >From local network SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ uCosminexus Service Platform http://secunia.com/product/13823/ uCosminexus Developer http://secunia.com/product/13820/ uCosminexus Service Architect http://secunia.com/product/13821/ Cosminexus 6.x http://secunia.com/product/5795/ DESCRIPTION: A security issue has been reported in Hitachi products, which potentially can be exploited by malicious users to gain knowledge of sensitive information or bypass certain security restrictions. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software.  There is a vulnerability in the implementation of Hitachi JP1 / Cm2 / Hierarchical Viewer. A remote attacker may use this vulnerability to cause a denial of service.  HV generates an error when processing malformed data, which makes the HV web interface unavailable. Attackers can exploit this issue to cause denial-of-service conditions. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Please see the vendor's advisory for a list of affected versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-021_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. Apple Safari is prone to a weakness that may result in the execution of potentially malicious Java applets. This issue results from a design error. This weakness arises because the application fails to properly check a security setting. Versions prior to Safari 3.0.3 Beta and Safari 3.0.3 Beta for Windows are vulnerable to this issue. Safari is the WEB browser bundled with the Apple family operating system by default. Safari provides an option to enable Java preferences

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.". Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. ISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. In IP NAT filtering in Sun Solaris 10 and OpenSolaris series products, when a DNS server runs NAT, it incorrectly changes the original address of the data packet. When the destination address is a DNS port, it will allow remote attackers to bypass CVE-2008 -1447 security protection. And spoof the address returned by the DNS response. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. HP TCP/IP Services for OpenVMS 5.7 ECO5 package is available from the following location: The HP TCP/IP Services for OpenVMS 5.7 ECO5 kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2008-0014 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. Issue date: 2008-08-29 Updated on: 2008-08-29 (initial release of advisory) CVE numbers: CVE-2008-2101 CVE-2007-5269 CVE-2008-1447 CVE-2008-3691 CVE-2008-3692 CVE-2008-3693 CVE-2008-3694 CVE-2008-3695 CVE-2007-5438 CVE-2008-3696 CVE-2008-3697 CVE-2008-3698 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 CVE-2007-5503 - -------------------------------------------------------------------------- 1. Summary Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. 2. Relevant releases VMware Workstation 6.0.4 and earlier, VMware Workstation 5.5.7 and earlier, VMware Player 2.0.4 and earlier, VMware Player 1.0.7 and earlier, VMware ACE 2.0.4 and earlier, VMware ACE 1.0.6 and earlier, VMware Server 1.0.6 and earlier, VMware ESX 3.0.3 without patches ESX303-200808404-SG, ESX303-200808403-SG ESX303-200808406-SG. VMware ESX 3.0.2 without patches ESX-1005109, ESX-1005113, ESX-1005114. VMware ESX 3.0.1 without patches ESX-1005108, ESX-1005112, ESX-1005111, ESX-1004823, ESX-1005117. NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x will reach end of general support 2008-11-09. Customers should plan to upgrade to the latest version of their respective products. Extended support (Security and Bug fixes) for ESX 3.0.2 ends on 10/29/2008 and Extended support for ESX 3.0.2 Update 1 ends on 8/8/2009. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available. Extended Support (Security and Bug fixes) for ESX 3.0.1 has ended on 2008-07-31. The 3.0.1 patches are released in August because there was no patch release in July. 3. Problem Description I Security Issues a. Setting ActiveX killbit Starting from this release, VMware has set the killbit on its ActiveX controls. Setting the killbit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the Microsoft KB article 240797 and the related references on this topic. Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of- service or can allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user. Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested. Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls. To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions. VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai, and Michal Bucko for reporting these issues to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.x Windows 6.0.5 build 109488 or later Workstation 6.x Linux not affected Workstation 5.x Windows 5.5.8 build 108000 or later Workstation 5.x Linux not affected Player 2.x Windows 2.0.5 build 109488 or later Player 2.x Linux not affected Player 1.x Windows 1.0.8 build or later Player 1.x Linux not affected ACE 2.x Windows 2.0.5 build 109488 or later ACE 1.x Windows 1.0.7 build 108880 or later Server 1.x Windows 1.0.7 build 108231 or later Server 1.x Linux not affected Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi not affected ESX any ESX not affected b. VMware ISAPI Extension Denial of Service The Internet Server Application Programming Interface (ISAPI) is an API that extends the functionality of Internet Information Server (IIS). VMware uses ISAPI extensions in its Server product. One of the ISAPI extensions provided by VMware is vulnerable to a remote denial of service. By sending a malformed request, IIS might shut down. IIS 6.0 restarts automatically. However, IIS 5.0 does not restart automatically when its Startup Type is set to Manual. VMware would like to thank the Juniper Networks J-Security Security Research Team for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3697 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.x Windows not affected Workstation 6.x Linux not affected Workstation 5.x Windows not affected Workstation 5.x Linux not affected Player 2.x Windows not affected Player 2.x Linux not affected Player 1.x Windows not affected Player 1.x Linux not affected ACE 2.x Windows not affected ACE 1.x Windows not affected Server 1.x Windows 1.0.7 build 108231 or later Server 1.x Linux not affected Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi not affected ESX any ESX not affected c. OpenProcess Local Privilege Escalation on Host System This release fixes a privilege escalation vulnerability in host systems. Exploitation of this vulnerability allows users to run arbitrary code on the host system with elevated privileges. VMware would like to thank Sun Bing from McAfee, Inc. for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3698 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.x Windows not affected Workstation 6.x Linux not affected Workstation 5.x Windows 5.5.8 build 108000 or later Workstation 5.x Linux not affected Player 2.x Windows not affected Player 2.x Linux not affected Player 1.x Windows 1.0.8 build 109488 or later Player 1.x Linux not affected ACE 2.x Windows not affected ACE 1.x Windows 1.0.7 build 108880 or later Server 1.x Windows 1.0.7 build 108231 or later Server 1.x Linux not affected Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi not affected ESX any ESX not affected d. Update to Freetype FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to 2.3.7. The Common Vulnerabilities and Exposures Project (cve.mitre.com) has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in Freetype 2.3.6. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.x Windows not affected Workstation 6.x Linux 6.0.5 build 109488 or later Workstation 5.x Windows not affected Workstation 5.x Linux 5.5.8 build 108000 or later Player 2.x Windows not affected Player 2.x Linux 2.0.5 build 109488 or later Player 1.x Windows not affected Player 1.x Linux 1.0.8 build 108000 or later ACE 2.x Windows not affected ACE 1.x Windows not affected Server 1.x Windows not affected Server 1.x Linux 1.0.7 build 108231 or later Fusion 1.x Mac OS/X affected, patch pending ESXi 3.5 ESXi not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 3.0.1 ESX not affected ESX 2.5.5 ESX affected, patch pending ESX 2.5.4 ESX affected, patch pending e. Update to Cairo Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to 1.4.14. The Common Vulnerabilities and Exposures (cve.mitre.com) has assigned the name CVE-2007-5503 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.x Windows not affected Workstation 6.x Linux 6.0.5 build 109488 or later Workstation 5.x Windows not affected Workstation 5.x Linux not affected Player 2.x Windows not affected Player 2.x Linux 2.0.5 build 109488 or later Player 1.x Windows not affected Player 1.x Linux not affected ACE 2.x Windows not affected ACE 1.x Windows not affected Server 1.x Windows not affected Server 1.x Linux not affected Fusion 1.x Mac OS/X affected, patch pending ESXi 3.5 ESXi not affected ESX any ESX not affected f. VMware Consolidated Backup(VCB) command-line utilities may expose sensitive information VMware Consolidated Backup command-line utilities accept the user password through the -p command-line option. Users logged into the service console could gain access to the username and password used by VCB command-line utilities when such commands are running. This patch resolves this issue by providing an alternative way of passing the password used by VCB command-line utilities. The following options are recommended for passing the password: 1. The password is specified in /etc/backuptools.conf (PASSWORD=xxxxx), and -p is not used in the command line. /etc/backuptools.conf file permissions are read/write only for root. 2. No password is specified in /etc/backuptools.conf and the -p option is not used in the command line. The user will be prompted to enter a password. ESX is not affected unless you use VCB. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2101 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= =================== VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200806203-UG ESX 3.0.3 ESX ESX303-200808403-SG ESX 3.0.2 ESX ESX-1004824 ESX 3.0.1 ESX ESX-1004823 ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion g. Third Party Library libpng Updated to 1.2.29 Several flaws were discovered in the way third party library libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it causes an application linked with libpng to crash when the file is manipulated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5269 to this issue. NOTE: There are multiple patches required to remediate the issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= =================== VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX ESX303-200808404-SG ESX303-200808403-SG ESX 3.0.2 ESX ESX-1005109 ESX-1005114 ESX-1005113 ESX 3.0.1 ESX ESX-1005112 ESX-1005108 ESX-1005111 ESX 2.5.5 ESX affected, patch pending ESX 2.5.4 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion II ESX Service Console rpm updates a. update to bind This update upgrades the service console rpms for bind-utils and bind-lib to version 9.2.4-22.el3. Version 9.2.4.-22.el3 addresses the recently discovered vulnerability in the BIND software used for Domain Name resolution (DNS). VMware doesn't install all the BIND packages on ESX Server and is not vulnerable by default to the reported vulnerability. Of the BIND packages, VMware only ships bind-util and bind-lib in the service console and these components by themselves cannot be used to setup a DNS server. Bind-lib and bind-util are used in client DNS applications like nsupdate, nslookup, etc. VMware explicitly discourages installing applications like BIND on the service console. In case the customer has installed BIND, and the DNS server is configured to support recursive queries, their ESX Server system is affected and they should replace BIND with a patched version. Note: ESX Server will use the DNS server on the network it is on, so it is important to patch that DNS server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1447 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= =================== VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX patch pending ESX 3.0.3 ESX ESX303-200808406-SG ESX 3.0.2 ESX ESX-1006356 ESX 3.0.1 ESX ESX-1005117 ESX 2.5.5 ESX patch pending ESX 2.5.4 ESX patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. VMware Workstation 6.0.5 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Windows binary md5sum: 46b4c54f0493f59f52ac6c2965296859 RPM Installation file for 32-bit Linux md5sum: 49ebfbd05d146ecc43262622ab746f03 tar Installation file for 32-bit Linux md5sum: 14ac93bffeee72528629d4caecc5ef37 RPM Installation file for 64-bit Linux md5sum: 0a856f1a1a31ba3c4b08bcf85d97ccf6 tar Installation file for 64-bit Linux md5sum: 3b459254069d663e9873a661bc97cf6c VMware Workstation 5.5.8 ------------------------ http://www.vmware.com/download/ws/ws5.html Release notes: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Windows binary: md5sum: 745c3250e5254eaf6e65fcfc4172070f Compressed Tar archive for 32-bit Linux md5sum: 65a454749d15d4863401619d7ff5566e Linux RPM version for 32-bit Linux md5sum: d80adc73b1500bdb0cb24d1b0733bcff VMware Player 2.0.5 and 1.0.8 ----------------------------- http://www.vmware.com/download/player/ Release notes Player 1.x: http://www.vmware.com/support/player/doc/releasenotes_player.html Release notes Player 2.0 http://www.vmware.com/support/player2/doc/releasenotes_player2.html 2.0.5 Windows binary md5sum: 60265438047259b23ff82fdfe737f969 VMware Player 2.0.5 for Linux (.rpm) md5sum: 3bc81e203e947e6ca5b55b3f33443d34 VMware Player 2.0.5 for Linux (.tar) md5sum: f499603d790edc5aa355e45b9c5eae01 VMware Player 2.0.5 - 64-bit (.rpm) md5sum: 85bc2f11d06c362feeff1a64ee5a6834 VMware Player 2.0.5 - 64-bit (.tar) md5sum: b74460bb961e88817884c7e2c0f30215 1.0.8 Windows binary md5sum: e5f927304925297a7d869f74b7b9b053 Player 1.0.8 for Linux (.rpm) md5sum: a13fdb8d72b661cefd24e7dcf6e2a990 Player 1.0.8 for Linux (.tar) md5sum: 99fbe861253eec5308d8c47938e8ad1e VMware ACE 2.0.5 ---------------- http://www.vmware.com/download/ace/ Release notes 2.0: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html ACE Manager Server Virtual Appliance Virtual Appliance for the ACE Management Server md5sum: 41e7349f3b6568dffa23055bb629208d ACE for Window 32-bit and 64-bit Main installation file for Windows 32-bit and 64-bit host (ACE Option Page key required for enabling ACE authoring) md5sum:46b4c54f0493f59f52ac6c2965296859 ACE Management Server for Windows ACE Management Server installation file for Windows md5sum:33a015c4b236329bcb7e12c82271c417 ACE Management Server for Red Hat Enterprise Linux 4 ACE Management Server installation file for Red Hat Enterprise Linux 4 md5sum:dc3bd89fd2285f41ed42f8b28cd5535f ACE Management Server for SUSE Enterprise Linux 9 ACE Management Server installation file for SUSE Enterprise Linux 9 md5sum:2add6a4fc97e1400fb2f94274ce0dce0 VMware ACE 1.0.7 ---------------- http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html md5sum: 42d806cddb8e9f905722aeac19740f33 VMware Server 1.0.7 ------------------- http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server/doc/releasenotes_server.html VMware Server for Windows 32-bit and 64-bit md5sum: 2e2ee5ebe08ae48eac5e661cad01acf6 VMware Server Windows client package md5sum: ce7d906a5a8de37cbc20db4332de1adb VMware Server for Linux md5sum: 04f201122b16222cd58fc81ca814ff8c VMware Server for Linux rpm md5sum: 6bae706df040c35851823bc087597d8d Management Interface md5sum: e67489bd2f23bcd4a323d19df4e903e8 VMware Server Linux client package md5sum: 99f1107302111ffd3f766194a33d492b ESX --- ESX 3.5.0 patch ESX350-200806203-UG (VCB) http://download3.vmware.com/software/esx/ESX350-200806203-UG.zip md5sum: 3bd512dc8aa2b276f7cfd19080d193c9 http://kb.vmware.com/kb/1005896 ESX 3.0.3 patch ESX303-200808403-SG (libpng) http://download3.vmware.com/software/vi/ESX303-200808403-SG.zip md5sum: 5f1e75631e53c0e9e013acdbe657cfc7 http://kb.vmware.com/kb/1006034 ESX 3.0.3 patch ESX303-200808404-SG (libpng) http://download3.vmware.com/software/vi/ESX303-200808404-SG.zip md5sum: 65468a5b6ba105cfde1dd444d77b2df4 http://kb.vmware.com/kb/1006035 ESX 3.0.3 patch ESX303-200808406-SG (bind) http://download3.vmware.com/software/vi/ESX303-200808406-SG.zip md5sum: a11273e8d430e5784071caff673995f4 http://kb.vmware.com/kb/1006357 ESX 3.0.3 patch (VCB) ESX 3.0.2 patch ESX-1005109 (libpng) http://download3.vmware.com/software/vi/ESX-1005109.tgz md5sum: 456d74d94317f852024aed5d3852be09 http://kb.vmware.com/kb/1005109 ESX 3.0.2 patch ESX-1005113 (libpng) http://download3.vmware.com/software/vi/ESX-1005113.tgz md5sum: 5d604f2bfd90585b9c8679f5fc8c31b7 http://kb.vmware.com/kb/1005113 ESX 3.0.2 patch ESX-1005114 (libpng) http://download3.vmware.com/software/vi/ESX-1005114.tgz md5sum: 3b6d33b334f0020131580fdd8f9b5365 http://kb.vmware.com/kb/1005114 ESX 3.0.2 patch ESX-1004824 (VCB) http://download3.vmware.com/software/vi/ESX-1004824.tgz md5sum: c72b0132c9f5d7b4cb1b9e47748a9c5b http://kb.vmware.com/kb/1004824 ESX 3.0.2 patch ESX-1006356 (bind) http://download3.vmware.com/software/vi/ESX-1006356.tgz md5sum: f0bc9d0b641954145df3986cdb1c2bab http://kb.vmware.com/kb/1006356 ESX 3.0.1 patch ESX-1005111 (libpng) http://download3.vmware.com/software/vi/ESX-1005111.tgz md5sum: 60e1be9b41070b3531c06f9a0595e24c http://kb.vmware.com/kb/1005111 ESX 3.0.1 patch ESX-1005112 (libpng) http://download3.vmware.com/software/vi/ESX-1005112.tgz md5sum: ad645cef0f9fa18bb648ba5a37074732 http://kb.vmware.com/kb/1005112 ESX 3.0.1 patch ESX-1005108 (libpng) http://download3.vmware.com/software/vi/ESX-1005108.tgz md5sum: aabc873d978f023c929ccd9a54588ea5 http://kb.vmware.com/kb/1005108 ESX 3.0.1 patch ESX-1004823 (VCB) http://download3.vmware.com/software/vi/ESX-1004823.tgz md5sum: 5ff2e8ce50c18afca76fb16c28415a59 http://kb.vmware.com/kb/1004823 ESX 3.0.1 patch ESX-1005117 (bind) http://download3.vmware.com/software/vi/ESX-1005117.tgz md5sum: 5271ecc6e36fb6f1fdf372e57891aa33 http://kb.vmware.com/kb/1005117 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3694 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3696 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3697 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503 - ------------------------------------------------------------------------ 6. Change log 2008-08-29 VMSA-2008-0014 initial release - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIuI98S2KysvBH1xkRCJp7AJ9Mq0+CEdoQRLzPLSRbv5OLqXqUHACfUSRt bZpHL8qHcNwAiTVz6P3+W6E= =PQ58 -----END PGP SIGNATURE----- . All customers should test the updates / patch in their environment. HP is investigating changes to reduce the performance issues. This bulletin will be revised when new updates / patch become available. =========================================================== Ubuntu Security Notice USN-622-1 July 08, 2008 bind9 vulnerability CVE-2008-1447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.5 Ubuntu 7.04: libdns22 1:9.3.4-2ubuntu2.3 Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2 Ubuntu 8.04 LTS: libdns35 1:9.4.2-10ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Among other things, this could lead to misdirected email and web traffic. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5.diff.gz Size/MD5: 104296 a0aed8a7f9c1a914d9047876547c67d4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5.dsc Size/MD5: 803 795915bcbaf3e0c97f5ca1b541fecbe1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2.orig.tar.gz Size/MD5: 5302112 55e709501a7780233c36e25ccd15ece2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.2-2ubuntu1.5_all.deb Size/MD5: 180736 0ca869db29381743a0aa2acd480c0d36 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 112040 52e0eb5609ddf50411d43f388a04f917 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 311534 80e47bf514a33cad401524d7f43e044b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 184862 d09db412eb19271ecb2cf742a1816b05 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 1130056 50d2a84568a66d6ddf47e95b411fad29 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 92116 c71b74708301acf6a6ecbf608fab5d56 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 557278 63dc3e1e6488e6cff0059d1f3e490682 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 190576 c611f958e1393704d0ba84ed707839b1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 93250 f2005aeb8667d262326bf59d82c69ba1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 109046 4ecb1dbb245b01bddac47ea50e84acfd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 111524 a75c2314434af46dd79be91ba0dba036 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 219944 74b47bf188a3e82200ae564162d61a73 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 108882 b5967775be7b3115c62a4d7f9508b525 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 289854 1873ac12a760a4e14e5b88399658f905 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 175542 ea79ad2e1f210a7e107c90f5770bc806 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 997094 bb0cb2822c28a8e455bf1a928c6d0ef7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 91336 7bd20507d22e86691fb648d12795fc95 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 482908 d20a97bb56024597c1d158ec69b41c14 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 172564 108d61d18f73a8c51913fb1c84260af9 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 90784 3850d2c7f69c31c2d1d013fb862b587d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 102422 6951c7cdfd7a801b249e33648213d6a4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 107234 3d8606e265875294b7e150884be8cee7 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 203328 eb566ef1e4b485523f33271a001b56f9 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 110524 1efa8d84b535e465623561c1f678a89c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 303594 9066c6e199c0598b7acd70b561506148 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 181654 c4b4fd9157adf5e449d5df01aef1e7d0 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 1204474 5d029c34854c4fca6b704fce98a74851 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 93418 bb908cbdb8c8028ad2af232f354a0008 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 516882 f8437dfca292d7d1d8b93c6aba2ae73a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 182374 368127ca61e8e8e5bceb49870cd2bd70 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 93604 4e42b14ee385a7c44ee8c1f728cabff7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 106410 f2db82079a9d85e5acb19e39eb2ced31 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 111058 06126f085691f8a2c8358e47f0a2d8d7 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 207816 45a904a0518de2feccc9678f83e4d5ec sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 110620 d5fdd4a4e6e4ea89c4e518f66acecbd1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 301372 e67bc7a6970f534ee5faac384801c895 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 180950 61dfdf0427c07fe2ab35901a64508b5a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 1116008 8be769301060285de28ad3e568dfd647 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 91674 629c0a0296adcdd7f52547eace987c39 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 511130 8c5a1778a9efd974dded9ca0f8225bdd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 181286 40c07c235b00a44aac6bbc28795c2c07 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 91184 8a2e4f0670f934d831c8cd1b40a3fa7a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 103900 80107ec78e4a006784b3a117c05ee1e6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 106762 8951b01a7b2f97aad4a93210d50850da http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 211124 2978354d73f6a9bf7dcd3c96b919eec0 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3.diff.gz Size/MD5: 285716 085d15195d25e9ad690d374e9adaecb0 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3.dsc Size/MD5: 888 9bde4140f2f312c3b4071990f21f5075 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4.orig.tar.gz Size/MD5: 4043577 198181d47c58a0a9c0265862cd5557b0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.4-2ubuntu2.3_all.deb Size/MD5: 187788 25ad7fff219ac84a553e40a6c7af840c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 118810 baf5548fa89037279840b4158cf9c4eb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 322984 08a1b75f9a77c618f2e36b0534e1a7be http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 194018 bf92cede850d5f189c8895fdce8141f8 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 1123068 35f889b48402c1bb56c58d2b0f61dbbf http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 96684 98747d65d02a685db5256e417a54870b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 568742 d25c28c00bfc48ec52c18a3f5df8339a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 191858 067227f2f582db56911dbf3236e4aea2 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 97646 ef6f169da9562b22237e6c7a3edbafda http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 112594 cf9a0a5c4a940b4ba2d169c9c081dd9f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 116228 98dd0e9dcf07d0e49f0c4341e775bcf4 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 228496 31efc89af88b933b901d67c61b194ba6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 115168 6797a4d80f8a4196c8a948ad33bc39fe http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 303544 26dd7cd0aaf4712609a619846302ba21 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 184442 7cb775d8fe3051b3ccda2327d1c3083b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 1018542 c0fdcbb4acc613859ce6ab4781762ff7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 95774 5ddb6803f82c9117056a0a5de59aa5d6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 497640 5d71a76c2185fb7631c07ea415037302 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 175420 a07afa38758a587ed0998b5f78629b3b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 96014 bc47e546be9c1fd6a19e9d8d8366ed3d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 108214 686dd4ad9fb4413b7778786d667428e2 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 112700 86c736ba2fae3f194498d5f3f6de7306 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 213620 00fa556825d7defaa4fc45cad2138b02 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 118214 4081aec0d3d622fbc05dc097cf102e4f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 324724 09c0e4862ed9691c2527f755683a8b8c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 194978 b5f813766584254fd824e72baeffc96b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 1169812 34192103d6041b6f50e7dd6551a6dbf1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 98074 06572e8c43b6eeeeba3352ba3b94ce65 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 511582 21cc7a4347b3bb863a7151ad5cf73bd1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 183468 5844029a87c42bc54a547acaff985442 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 98738 2eed8603e4ba78e0b07e4e21df59e93d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 112116 a8f232fa8d8ab6429c57827ca1af13bc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 115894 193a734032dcdbb289fbddb68cb350b5 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 218796 cdc6ccf2614a684ecff0f63f9f96dfe1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 117664 48cc134e0194e3d732e79ca699f8406b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 315270 7bc67be9266eaddfc64138c6c01483bc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 191400 bc4b1922d10028421b14b69bf9d76bb7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 1141834 af414f9bcf9c42d1e52fe8b2069fc83d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 96070 43a9988edc73a9b4fd2ad6e98338a8fc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 513792 55b3d92618f678690e91956b131fa330 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 180638 b24a1a0d2d50b9d2fcba45971d23a7a4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 96248 425e3657f29e865c91be421484089106 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 109716 cddb416bc557fb9cdebc6372312c4350 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 113516 a102110917b6ec739fa2035e1f65e4a6 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 220226 b855b98a0ebde055930e560feec2a3c0 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2.diff.gz Size/MD5: 300771 40cda1f019e548208ef85f9dad5dfeec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2.dsc Size/MD5: 1001 e1318d3386a5d798b700b6d8ed108146 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1.orig.tar.gz Size/MD5: 4987098 683293e3acc85e30f5ca4bba8a096303 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.4.1-P1-3ubuntu2_all.deb Size/MD5: 233584 955901705316670276f41c633020a274 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 46106 8d04ee50411a1d62391209b8ccab5dfd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 278364 1f2de92494c8a7b5e93a53c75cffbb44 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 117148 927ff60a9de441ef3b1a86337c8756a1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 1162042 2d7d3e28b6e8422abc7cdfc41f046c73 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 26006 be5c5f455a5507b9e14b8678dac0f6bb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 552146 97272ff611d594b7346086268e4765ae http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 130934 4135eb09ffb1df2611dc809a682c74df http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 23180 a6afe8f12bf054deca547c2f72d55a66 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 42424 96a32f1fa3f81841fe7085bb01247f6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 41990 c90cb0cac5341fb94c7c959983350dd9 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 167296 61645dfcde5c7543d150d829ed113b0d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 42116 2701dd72510ac551881624a6931069ec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 254750 1300e37afb8268b112ab1718e998d443 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 106990 717db0ad88486bd34c79120f00e02551 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 1040234 db9099b5ac165aaaf6220317d054df8c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 24768 7b5c03984b957dafa6b4bcd981c5af9f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 470404 6a7d265fd0aba23035df443e8b78269b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 113492 685a3b04a9581c29466b67fef742674d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 21570 23a9a67e65a5e2f8dfb836aba5b0ece5 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 36630 cbfc768cbeceb42d104f41307f720688 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 38268 8d71f0b2df12a449fa7c3fd7613ff682 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 150304 f9c7b0ee3d4891b06ef4271c62c292d4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 41828 101a835923e507c0eea60ff08663b1a9 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 250104 87f9678cd733aacc482b1cd7705a820d http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 105740 c5035426f0bf196ad4f34d320e9126a5 http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 1025798 47551ddfeb321fd6ff69805bd3c72cf7 http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 24354 9c8a3f39052994adeb0e1277eb9c96d6 http://ports.ubuntu.com/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 449848 d70baaa8ab74b607cc20ac8befd935b3 http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 108538 e64e03f6db0678366f5ed7931bbb7bd8 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 20936 c735ba0c832279b708b38dd995f90eea http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 35840 6e09afe7daabc2722145eae0ccf64ebb http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 36964 7cf9822533618d4eeaaaaca191081a10 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 146046 3e90eb9276c3c9cd29722b58b44825d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 45228 6f58fdfb1a9464505b63d6ee10bfb499 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 279194 7fb180ca0c0fb2197b6cabcb9e5b87c1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 117336 4a6d45d30c6dfd9b7525e9efeb7cc390 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 1209208 c23a85c019b655f9044207a98c9eb472 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 27166 92bd4c64f9914f63fc59973bc0e73d6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 485638 3c3bff7bcd7df84170d9f45855785f46 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 121410 6eb18c5fee8ef25bfaab05b53a6776d1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 24308 94df6003c7e061d9a1e1cbcc1ed1133d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 41128 a78b1e2958a2cda0347824e2d9eb7815 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 41354 d826c2e80c70c92c54c407fa6458a2d0 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 156660 24840c4483eb81fccfd483843c03fc21 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 44760 ff76458f2f3bc437f975710f0f44350f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 267886 15ae5b64e2d7f0a84610dca3265f36fe http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 114014 18755ede3d638c17c7292bbc0d0b331c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 1180276 a906d2e8f9b40766735895725112fe04 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 25350 e9e7f9b9c5fc4b6bcaad7e36b7a12c21 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 492286 e367b633343c1841f48eeec01f08e494 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 117916 bee4cf76d903bf902a025ea2362cf5ec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 21900 0807caba04fee218b416288eae034b93 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 38438 e11c657acb477041666dd3cccd8bfebc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 39244 da7d911f9a2f97fd6e895736489c22ac http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 156818 cada78841afbf1e0caf13f75eadaba51 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1.diff.gz Size/MD5: 243611 da5389b9c001fc8105edd135c086b13d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1.dsc Size/MD5: 998 2588a42ba49dd2702130d159c1f68d6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2.orig.tar.gz Size/MD5: 5021880 0aa73c66c206de3da10029bf5f195347 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.4.2-10ubuntu0.1_all.deb Size/MD5: 239534 7469deb007e19439a8f5df6a53ecd485 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 47052 24ce8ff319d3a45dc8c572df3bc47ef6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 282744 5d77a9de6d4267405c6c969792a42243 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 116814 2adb81fed8e7d93cfde2ab01f1050d2e http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 1188376 36c0b944f5e23f76ba587e756e7c4bdb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 27208 be7b3257b0eb9014f033b4ead73bb7a7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 550042 268c59c90f72e47690a2f64fccc296c6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 138186 5f08619b4b4198fb6176f4d914e74b54 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 24666 f584f72af33412695ab6cfb81c891ee4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 44570 f63b6e57da24654d0ffc243936a5a153 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 42802 4542b6bea7110e1cbf557346fc5536ad http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 171006 c96cfef97c3950ab59b80a7b1d3aa868 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 44692 62a8e406937a5be466977c5b47f9a659 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 267508 da18e50b8467dbd7730640a09c52d188 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 110460 480313c340c47e5d6f5167c11161daa7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 1065190 6fe78d85bdae7a9970c769dd2d1ebdcf http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 27254 2ba88324a0225ccab2b826dcc2f0f202 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 493370 5916fe8f22b1a19d0dde5f9e9596353f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 125982 26501d011be6c34b7874b19ceabd0148 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 22852 13693beb84952c55cf78f4275c39aba7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 38258 34107c4916cb13ac651d16706e9d9b9a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 40058 443bc171d30e2f262bb8ce2e3bfe885e http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 159118 b31758442a36011d79dde9c485fca1da lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 45254 659ea8656a46bc1265f0bf3049ffc511 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 267536 13c20e925a9a9ae1353b63fde5ce8555 http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 111858 ce4c215e0dfc3a4c1e53b431264becf7 http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 1068570 9680708be2a7840be99f2894234757bf http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 27248 f0a51f7ebaeb86afa2f466c1e4b1b4c0 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 488706 325b144544a6dfd1917210c9a02ec423 http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 122606 316c7a93002a350fa04f7956483c6efe http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 22522 66d3aaa993507238b341578bb534a0aa http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 37670 b58cc5a2d27f02cac5b954cf4cb1cec5 http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 39810 6a5c7b4e2a52a61258d86618f3a27106 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 158506 b2064557c74e536b96d77a707068c933 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 49064 77fb0a3b0c381e9f4cf561240f801e99 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 297108 927db70c3f13cb7642f8e9dfe9d2e378 http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 124214 fb0b53b2b7f5fd750c3ee3785038efea http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 1271364 32f252c1f510f5d0f5f2860a75fccf8b http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 29764 2111df6f219f9e4a421329209eee6489 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 529240 e66e625de5160092f4ac4b9b505bd3ae http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 137960 e581851a0e71ada301415c006e5697d9 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 26412 12e5213a39740e05cdf4ed87dbfd055e http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 43508 b8aab766d691b13f0df8796252bfe7a5 http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 44292 78170e54852c2e28718dd26c72148165 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 171502 0c747e830656e34d4cd5b84f8ee38551 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 46786 2f07cd43ef71146ec839172a9318eb22 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 281936 b97f8461fb12702ffde3b1536e11531c http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 116124 cf6ec9328492c928d5d8064f09d5bcda http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 1178958 f21fed7bb01a12a74061b3cf03000b54 http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 26652 b650866c75829e84f35592fff5d6c950 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 500058 d99f74a53d5b2b6167eae4bd9f56d3ed http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 127824 c93136898c8ce5f8ac90ba46daacc015 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 22688 e69b52b3505b614f95836502f06bd1ac http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 38792 3167cb62f05d65b3971cc90f1093cd6a http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 38984 92a1a25f10ed41b0bd3a25699e5d76ff http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 169952 3656ebd36bb152e7e18c984f0d8a31fe . Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. Patches released by Microsoft after MS06-051 are covered by monthly Security Bulletins. For the full archived list of Microsoft security updates applicable for Storage Management Appliance software v2.1, please refer to the following Security Bulletins available on the IT Resource Center (ITRC) Web site: http://www.itrc.hp.com/service/cki/secBullArchive.do For patches released by Microsoft in 2003, MS03-001 to MS03-051 refer to Security Bulletin HPSBST02146 For patches released by Microsoft in 2004, MS04-001 to MS04-045 refer to Security Bulletin HPSBST02147 For patches released by Microsoft in 2005, MS05-001 to MS05-055 refer to Security Bulletin HPSBST02148 For patches released by Microsoft in 2006, MS06-001 to MS06-051 refer to Security Bulletin HPSBST02140 The Microsoft patch index archive and further details about all Microsoft patches can be found on the following Web site: http://www.microsoft.com/technet/security/bulletin/summary.mspx NOTE: The SMA must have all pertinent SMA Service Packs applied Windows 2000 Update Rollup 1 Customers are advised to download and install the Windows 2000 Update Rollup 1 for Service Pack 4 on SMA v2.1. For more information please refer to the Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management Appliance v2.1 advisory at the following website: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667 Windows 2000 Update Rollup 1 for SP4 does not include security updates released after April 30, 2005 starting from MS05-026. NOTE: Patch installation instructions are shown at the end of this table. ------------------------------------------------- MS Patch - MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230) Analysis - Patch will run successfully. ------------------------------------------------- MS Patch - MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- Installation Instructions: (if applicable) Download patches to a system other than the SMA Copy the patch to a floppy diskette or to a CD Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA. Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. Release Date: 2008-07-16 Last Updated: 2010-12-15 ----------------------------------------------------------------------------- Potential Security Impact: Remote DNS cache poisoning Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. References: CVE-2008-1447 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.3.2 or BIND v9.2.0, HP-UX B.11.11 running BIND v8.1.2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-1447 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates / patch to resolve the vulnerabilities for BIND v9.2.0 and BIND v9.3.2. Customers running BIND v8.1.2 on HP-UX B.11.11 should upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below. A new BIND v9.2.0 depot is available to address an issue encountered on HP-UX B.11.11. The new depot is available by contacting HP Support. The BIND v9.3.2 updates are available for download from: http://software.hp.com The patch PHNE_37865 is available from: http://itrc.hp.com HP-UX Release / Action B.11.11 running v8.1.2 / Upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / BIND Depot name / Action B.11.11 running v9.2.0 / BIND920V15.depot / Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.23 running v9.2.0 / Install PHNE_37865 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.11 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.23 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.31 running v9.3.2 / Install revision C.9.3.2.3.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Firewall configurations may need to be adjusted to allow DNS queries from random source ports to pass. In addition, firewalls that forward DNS queries must not replace the random source ports. MANUAL ACTIONS: Yes - NonUpdate Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Check firewall settings. For B.11.11 running v8.1.2, upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates For B.11.11 running v9.2.0 install BIND920v15.depot PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa AFFECTED VERSIONS For BIND v8.1.2 HP-UX B.11.11 ============= InternetSrvcs.INETSVCS-RUN action: upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. For BIND v9.3.2 HP-UX B.11.11 ============= BindUpgrade.BIND-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.23 ============= BindUpgrade.BIND-UPGRADE BindUpgrade.BIND2-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.31 ============= NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com For BIND v9.2.0 HP-UX B.11.11 ============= BINDv920.INETSVCS-BIND action: install revision B.11.11.01.015 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL Contact HP Support for information on where to download depot. HP-UX B.11.23 ============= InternetSrvcs.INETSVCS-INETD InternetSrvcs.INETSVCS-RUN InternetSrvcs.INETSVCS2-RUN action: install patch PHNE_37865 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://itrc.hp.com END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 16 July 2008 Initial release Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2 Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration setings Version:5 (rev.5) - 12 October 2010 Updated version for BIND v9.2.0 depot for B.11.11 Version:6 (rev.6) - 15 December 2010 Reformat v9.2.0 recommendation for clarity. Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA26195 VERIFY ADVISORY: http://secunia.com/advisories/26195/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote OPERATING SYSTEM: Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/ Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/ Red Hat Enterprise Linux Desktop Workstation (v. 5 client) http://secunia.com/product/13651/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/ RedHat Enterprise Linux AS 3 http://secunia.com/product/2534/ RedHat Enterprise Linux AS 4 http://secunia.com/product/4669/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux ES 3 http://secunia.com/product/2535/ RedHat Enterprise Linux ES 4 http://secunia.com/product/4668/ RedHat Enterprise Linux WS 3 http://secunia.com/product/2536/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux WS 4 http://secunia.com/product/4670/ RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ DESCRIPTION: Red Hat has issued an update for bind. For more information: SA26152 SOLUTION: Updated packages are available from Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2007-0740.html OTHER REFERENCES: SA26152: http://secunia.com/advisories/26152/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Security Advisory (08-AUG-2008) (CVE-2008-3280) =============================================== Ben Laurie of Google's Applied Security team, while working with an external researcher, Dr. Richard Clayton of the Computer Laboratory, Cambridge University, found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. Attack Description ------------------ In order to mount an attack against a vulnerable OP, the attacker first finds the private key corresponding to the weak TLS certificate. He then sets up a website masquerading as the original OP, both for the OpenID protocol and also for HTTP/HTTPS. There are two cases, one is where the victim is a user trying to identify themselves, in which case, even if they use HTTPS to "ensure" that the site they are visiting is indeed their provider, they will be unable to detect the substitution and will give their login credentials to the attacker. The second case is where the victim is the Relying Party (RP). In this case, even if the RP uses TLS to connect to the OP, as is recommended for higher assurance, he will not be defended, as the vast majority of OpenID implementations do not check CRLs, and will, therefore, accept the malicious site as the true OP. Mitigation ---------- Mitigation is surprisingly hard. In theory the vulnerable site should revoke their weak certificate and issue a new one. However, since the CRLs will almost certainly not be checked, this means the site will still be vulnerable to attack for the lifetime of the certificate (and perhaps beyond, depending on user behaviour). Note that shutting down the site DOES NOT prevent the attack. Therefore mitigation falls to other parties. Until either 1 and 2 or 3 have been done, OpenID cannot be trusted for any OP that cannot demonstrate it has never had a weak certificate. Discussion ---------- Normally, when security problems are encountered with a single piece of software, the responsible thing to do is to is to wait until fixes are available before making any announcement. However, as a number of examples in the past have demonstrated, this approach does not work particularly well when many different pieces of software are involved because it is necessary to coordinate a simultaneous release of the fixes, whilst hoping that the very large number of people involved will cooperate in keeping the vulnerability secret. In the present situation, the fixes will involve considerable development work in adding CRL handling to a great many pieces of openID code. This is a far from trivial amount of work. The fixes will also involve changes to browser preferences to ensure that CRLs are checked by default -- which many vendors have resisted for years. We are extremely pessimistic that a security vulnerability in OpenID will be seen as sufficiently important to change the browser vendors minds. Hence, we see no value in delaying this announcement; and by making the details public as soon as possible, we believe that individuals who rely on OpenID will be better able to take their own individual steps to avoid relying upon the flawed certificates we have identified. OpenID is at heart quite a weak protocol, when used in its most general form[1], and consequently there is very limited reliance upon its security. This means that the consequences of the combination of attacks that are now possible is nothing like as serious as might otherwise have been the case. However, it does give an insight into the type of security disaster that may occur in the future if we do not start to take CRLs seriously, but merely stick them onto "to-do" lists or disable them in the name of tiny performance improvements. Affected Sites -------------- There is no central registry of OpenID systems, and so we cannot be sure that we have identified all of the weak certificates that are currently being served. The list of those we have found so far is: openid.sun.com www.xopenid.net openid.net.nz Notes ----- [1] There are ways of using OpenID that are significantly more secure than the commonly deployed scheme, I shall describe those in a separate article. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects versions prior to Aruba Mobility Controller 2.5.4.18 and FIPS prior to 2.4.8.6-FIPS. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. Certain input passed to the login pages is not properly sanitised before being returned to the user. SOLUTION: Update to the latest patched firmware version. http://www.arubanetworks.com/support PROVIDED AND/OR DISCOVERED BY: The vendor credits Adair Collins and Steve Palmer of HostsPlus, and Nobuhiro Tsuji of NTT DATA SECURITY. ORIGINAL ADVISORY: http://www.arubanetworks.com/support/alerts/aid-070907b.asc ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges. There is a buffer overflow vulnerability in the CAM service when processing malformed user requests. Remote attackers may use this vulnerability to control the server. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. Please see the vendor's advisory for more details. CAM (Windows): http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89945 CAM(Netware): http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89943 PROVIDED AND/OR DISCOVERED BY: IBM ISS X-Force ORIGINAL ADVISORY: CA: http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp IBM ISS X-Force: http://www.iss.net/threats/272.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Mitigating Factors: None Severity: CA has given this vulnerability a High risk rating. i.e. CAM versions 1.04, 1.05, 1.06, 1.07, 1.10 (prior to Build 54_4) and 1.11 (prior to Build 54_4). Affected Products: Advantage Data Transport 3.0 BrightStor SAN Manager 11.1, 11.5 BrightStor Portal 11.1 CleverPath OLAP 5.1 CleverPath ECM 3.5 CleverPath Predictive Analysis Server 2.0, 3.0 CleverPath Aion 10.0 eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1 Unicenter Application Performance Monitor 3.0, 3.5 Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1 Unicenter Data Transport Option 2.0 Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2 Unicenter Jasmine 3.0 Unicenter Management for WebSphere MQ 3.5 Unicenter Management for Microsoft Exchange 4.0, 4.1 Unicenter Management for Lotus Notes/Domino 4.0 Unicenter Management for Web Servers 5, 5.0.1 Unicenter NSM 3.0, 3.1 Unicenter NSM Wireless Network Management Option 3.0 Unicenter Remote Control 6.0, 6.0 SP1 Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5 Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1 Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 Unicenter TNG JPN 2.2 Affected Platforms: Windows and NetWare Platforms NOT affected: AIX, AS/400, DG Intel, DG Motorola, DYNIX, HP-UX, IRIX, Linux Intel, Linux s/390, MVS, Open VMS, OS/2, OSF1, Solaris Intel, Solaris Sparc and UnixWare. Status and Recommendation: CA has made patches available for all affected products. These patches are independent of the CA Software that installed CAM. Simply select the patch appropriate to the platform, and the installed version of CAM, and follow the patch application instructions. You should also review the product home pages on SupportConnect for any additional product specific instructions. Solutions for CAM: Platform Solution Windows QO89945 NetWare QO89943 How to determine if you are affected: Determining CAM versions: Simply running camstat will return the version information in the top line of the output on any platform. The camstat command is located in the bin subfolder of the installation directory. The example below indicates that CAM version 1.11 build 27 increment 2 is running. E:\>camstat CAM – machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16 Determining the CAM install directory: Windows: The install location is specified by the %CAI_MSQ% environment variable. Unix/Linux/Mac: The /etc/catngcampath text file holds the CAM install location. Workaround: The affected listening port can be disabled by creating or updating CAM's configuration file, CAM.CFG, with the following entry under the "*CONFIG" section: *CONFIG cas_port=0 The CA Messaging Server must be recycled in order for this to take effect. We advise that products dependent upon CAM should be shutdown prior to recycling CAM. Once dependent products have been shutdown, CAM can be recycled with the following commands: On Windows: camclose cam start On NetWare: load camclose load cam start Once CAM has been restarted, any CAM dependent products that were shutdown can be restarted. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFGpqCHeSWR3+KUGYURAt6DAJ0YpnaiwrNfhhQlvdvL28LYxBYbZgCfRpKQ pNdOPBvd1/BVRF6Lo65uo2o= =7w0f -----END PGP SIGNATURE-----

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. Multiple Computer Associates products are prone to a denial-of-service vulnerability because the applications fail to handle malformed CHM files. Successfully exploiting this issue will cause the affected applications to stop responding, denying service to legitimate users. This issue affects applications that use the 'arclib.dll' library versions prior to 7.3.0.9. The Arclib.DLL library in eTrust products has a security vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities CA Vuln ID (CAID): 35525, 35526 CA Advisory Date: 2007-07-24 Reported By: CVE-2006-5645 - Titon of BastardLabs and Damian Put <pucik at overflow dot pl> working with the iDefense VCP. CVE-2007-3875 - An anonymous researcher working with the iDefense VCP. Sergio Alvarez of n.runs AG also reported these issues. Impact: A remote attacker can cause a denial of service. Summary: CA products that utilize the Arclib library contain two denial of service vulnerabilities. The second vulnerability, CVE-2006-5645, is due to an application hang when processing a specially malformed RAR file. Mitigating Factors: None Severity: CA has given these vulnerabilities a Medium risk rating. Affected Products: CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.0, 7.1, r8, r8.1 CA Anti-Virus 2007 (v8) eTrust EZ Antivirus r7, r6.1 CA Internet Security Suite 2007 (v3) eTrust Internet Security Suite r1, r2 eTrust EZ Armor r1, r2, r3.x CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus Gateway) 7.1 CA Protection Suites r2, r3 CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1, 8.0 CA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol) r8, 8.1 CA Anti-Spyware 2007 Unicenter Network and Systems Management (NSM) r3.0, r3.1, r11, r11.1 BrightStor ARCserve Backup v9.01, r11 for Windows, r11.1, r11.5 BrightStor Enterprise Backup r10.5 BrightStor ARCserve Client agent for Windows eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1 CA Common Services (CCS) r11, r11.1 CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK) Status and Recommendation: CA has provided an update to address the vulnerabilities. The updated Arclib library is provided in automatic content updates with most products. Ensure that the latest content update is installed. In the case where automatic updates are not available, use the following product specific instructions. CA Secure Content Manager 1.1: Apply QO89469. CA Secure Content Manager 8.0: Apply QO87114. Unicenter Network and Systems Management (NSM) r3.0: Apply QO89141. Unicenter Network and Systems Management (NSM) r3.1: Apply QO89139. Unicenter Network and Systems Management (NSM) r11: Apply QO89140. Unicenter Network and Systems Management (NSM) r11.1: Apply QO89138. CA Common Services (CCS) r11: Apply QO89140. CA Common Services (CCS) r11.1: Apply QO89138. CA Anti-Virus Gateway 7.1: Apply QO89381. eTrust Intrusion Detection 2.0 SP1: Apply QO89474. eTrust Intrusion Detection 3.0: Apply QO86925. eTrust Intrusion Detection 3.0 SP1: Apply QO86923. CA Protection Suites r2: Apply updates for CA Anti-Virus 7.1. BrightStor ARCserve Backup and BrightStor ARCserve Client agent for Windows: Manually replace the arclib.dll file with the one provided in the CA Anti-Virus 7.1 fix set. 1. Locate and rename the existing arclib.dll file. 2. Download the CA Anti-Virus 7.1 patch that matches the host operating system. 3. Unpack the patch and place the arclib.dll file in directory where the existing arclib.dll file was found in step 1. 4. Reboot the host. CA Anti-Virus 7.1 (non Windows): T229327 – Solaris – QO86831 T229328 – Netware – QO86832 T229329 – MacPPC – QO86833 T229330 – MacIntel – QO86834 T229331 – Linux390 – QO86835 T229332 – Linux – QO86836 T229333 – HP-UX – QO86837 CA Anti-Virus 7.1 (Windows): T229337 – NT (32 bit) – QO86843 T229338 – NT (AMD64) – QO86846 CA Threat Manager for the Enterprise r8.1 (non Windows): T229334 – Linux – QO86839 T229335 – Mac – QO86828 T229336 – Solaris – QO86829 How to determine if you are affected: For products on Windows: 1. Using Windows Explorer, locate the file “arclib.dll”. By default, the file is located in the “C:\Program Files\CA\SharedComponents\ScanEngine” directory(*). 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is earlier than indicated in the table below, the installation is vulnerable. File Name File Version arclib.dll 7.3.0.9 *For eTrust Intrusion Detection 2.0 the file is located in “Program Files\eTrust\Intrusion Detection\Common”, and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in “Program Files\CA\Intrusion Detection\Common”. For CA Anti-Virus r8.1 on non-Windows: Use the compver utility provided on the CD to determine the version of arclib.dll. The same version information above applies. Workaround: None References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ Security Notice for CA Products Containing Arclib http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot .asp Solution Document Reference APARs: QO89469, QO87114, QO89141, QO89139, QO89140, QO89138, QO89140, QO89138, QO89381, QO89474, QO86925, QO86923, QO86831, QO86832, QO86833, QO86834, QO86835, QO86836, QO86837, QO86843, QO86846, QO86839, QO86828, QO86829 CA Security Advisor posting: CA Products Arclib Library Denial of Service Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847 CA Vuln ID (CAID): 35525, 35526 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35525 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35526 Reported By: CVE-2006-5645 - Titon of BastardLabs and Damian Put <pucik at overflow dot pl> working with the iDefense VCP. CVE-2007-3875 - An anonymous researcher working with the iDefense VCP. Sergio Alvarez of n.runs AG also reported these issues. iDefense advisories: Computer Associates AntiVirus CHM File Handling DoS Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 CVE References: CVE-2006-5645, CVE-2007-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3875 OSVDB References: Pending http://osvdb.org/ Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFGpp9beSWR3+KUGYURAplHAJ4paEd/cX+2AxdBWfnw2zhfjAGQwACfW+mo tCqbonQi4DvtQ9a45c65y70= =o8Ac -----END PGP SIGNATURE----- . BACKGROUND eTrust is an antivirus application developed by Computer Associates. More information can be found on the vendor's website at the following URL. http://www3.ca.com/solutions/product.aspx?ID=156 II. DESCRIPTION Remote exploitation of a denial of Service (DoS) vulnerability in Computer Associates Inc.'s eTrust Antivirus products could allow attackers to create a DoS condition on the affected computer. III. ANALYSIS This denial of service attack will prevent the scanner from scanning other files on disk while it is stuck on the exploit file. The hung process can be quit by the user and does not consume all system resources. IV. DETECTION iDefense has confirmed this vulnerability in eTrust AntiVirus version r8. Previous versions of eTrust Antivirus are suspected vulnerable. Other Computer Associates products, as well as derived products, may also be vulnerable. V. WORKAROUND iDefense is not aware of any workarounds for this issue. VI. VENDOR RESPONSE Computer Associates has addressed this vulnerability by releasing updates. More information is available within Computer Associates advisory at the following URL. http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-3875 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 01/16/2007 Initial vendor notification 01/17/2007 Initial vendor response 07/24/2007 Coordinated public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2007 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. scanning a specially crafted RAR archive. Please see the vendor's advisory for details. 2) The vendor credits Titon of BastardLabs and Damian Put, reported via iDefense Labs. ORIGINAL ADVISORY: CA: http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the device, denying service to legitimate users. These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected. Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms. Both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts for this vulnerability to be exposed. This happens after using layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). This allows a second WLC to reprocess the ARP request and incorrectly re-forward the inclusion back to the network. This vulnerability is documented as CSCsj69233. In the case of Layer 3 (L3) roaming, wireless clients move from one controller to another, and the wireless LAN interfaces configured on different controllers are in different IP subnets. In this case, the unicast ARP may not be tunneled back to the anchor controller, but sent by the external controller to its native VLAN. This vulnerability is documented as CSCsj70841

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374. Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the device, denying service to legitimate users. These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected. Cisco Wireless LAN Controllers (WLCs) provide real-time communication between lightweight access points and other wireless-providing LAN controllers to perform centralized system-wide WLAN configuration and management functions. There is a vulnerability in the WLC's handling of unicast ARP traffic, and the LAN link between the wireless LAN controllers in the mobility group may be flooded with unicast ARP requests. Vulnerable WLCs may mishandle unicast ARP requests from wireless clients, causing ARP storms. Both WLCs attached to the same set of Layer 2 VLANs must have wireless client contexts for this vulnerability to be exposed. This happens after using layer 3 (inter-subnet) roaming or when using guest WLAN (auto-anchor). If multiple WLCs are installed on the corresponding VLAN, it will cause an ARP storm. This vulnerability is documented as CSCsj50374

The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. (1) DoAttachVideoSender function (2) DoAttachVideoReceiver function (3) DoAttachAudioSender function (4) DoAttachAudioReceiver function. Ipswitch Instant Messaging Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected network data. Successfully exploiting this issue allows remote attackers to crash the IM service, denying further instant messages for legitimate users. Ipswitch IM Server 2.0.5.30 is vulnerable; other versions may also be affected. Ipswitch Instant Messaging is the instant messaging software bundled in the Ipswitch collaboration component. The vulnerable code can be reached through the following functions: DoAttachVideoSender DoAttachVideoReceiver DoAttachAudioSender DoAttachAudioReceiver. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is reported in version 2.0.5.30. SOLUTION: Update to version 2.0.7. http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous researcher and reported via iDefense. ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor.". Ipswitch IMail Server 2006 There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition.Service disruption by a third party ( Daemon crash ) There is a possibility of being put into a state. Imail Server is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows SECUNIA ADVISORY ID: SA26123 VERIFY ADVISORY: http://secunia.com/advisories/26123/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server and Collaboration Suite, which can be exploited by malicious users and malicious people to compromise a vulnerable system. 1) A boundary error in the processing of the IMAP "SEARCH" command can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code, but requires a valid user account. 2) A boundary error in the processing of the IMAP "SEARCH CHARSET" command can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code, but requires a valid user account. Vulnerabilities #1 and #2 are reported in version 6.8.8.1 of imapd32.exe. Prior versions may also be affected. 3) A boundary error in Imailsec can be exploited to cause a heap-based buffer overflow and allows execution of arbitrary code. 4) A boundary error in "subscribe" can be exploited to cause a buffer overflow. No further information is currently available. Vulnerabilities #3 and #4 are reported in Ipswitch IMail Server and Collaboration Suite prior to version 2006.21. SOLUTION: Update to IMail Server version 2006.21. http://www.ipswitch.com/support/imail/releases/im200621.asp Update to Ipswitch Collaboration Suite 2006.21. http://www.ipswitch.com/support/ics/updates/ics200621.asp PROVIDED AND/OR DISCOVERED BY: 1) Manuel Santamarina Suarez, reported via iDefense Labs. 2) An anonymous person, reported via iDefense Labs. 3, 4) The vendor credits TippingPoint and the Zero Day Initiative. ORIGINAL ADVISORY: IPSwitch: http://www.ipswitch.com/support/imail/releases/im200621.asp http://www.ipswitch.com/support/ics/updates/ics200621.asp iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. " Residual information " Can be hijacked in the session. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Note: This is a belated release to the mailing lists (though most of the tracking services picked this up via the Citrix advisory)... -- History -- Discovered: 05.09.06 (Martin O'Neal) Vendor notified: 19.10.06 Document released: 20.07.07 -- Overview -- Citrix Access Gateways are described [1] as "universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's applications and data". Amongst other features, the product provides a web portal to corporate applications and resources. -- Analysis -- The web portal interface incorporates a collection of .NET scripts, which utilise a session ID contained within cookies. During the authentication sequence the user session is redirected via a HTTP meta refresh header in an HTML response. The browser subsequently uses this within the next GET request (and the referer header field of the next HTTP request), placing the session ID in history files, and both client and server logs. The use of the session ID within the HTML content is made worse by the application not setting the HTTP cache control headers appropriately, which can lead to the HTML content being stored within the local browser cache. Where this is a particularly problem, is where the web portal is accessed from a shared or public access terminal, such as an Internet Caf,; the very environment that this type of solution is intended for. Strong authentication technology, such as SecurID 2FA, does not protect against this style of attack, as the session ID is generated after the strong authentication process is completed. -- Recommendations -- Review the recommendations in the Citrix alert [2]. Until the product is upgraded, consider reviewing you remote access policy to restrict the use of the product in shared-access environments. -- CVE -- The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-0011 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardises names for security problems. -- References -- [1] http://www.citrix.com/English/ps2/products/product.asp?contentID =15005 [2] http://support.citrix.com/article/CTX113814 -- Revision -- a. Initial release. b. Released. -- Distribution -- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information. -- Disclaimer -- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information. -- About Corsaire -- Corsaire are a leading information security consultancy, founded in 1997 in Guildford, Surrey, UK. Corsaire bring innovation, integrity and analytical rigour to every job, which means fast and dramatic security performance improvements. Our services centre on the delivery of information security planning, assessment, implementation, management and vulnerability research. A free guide to selecting a security assessment supplier is available at http://www.penetration-testing.com Copyright 2006-2007 Corsaire Limited. All rights reserved. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. This vulnerability CVE-2007-3679 And may overlap.Details of the impact of this vulnerability are unknown. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user. This can be exploited to e.g. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. 2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028 Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803 The vendor also recommends to remove the following components from client devices: VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2) EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0) EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations) PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. Citrix EPA ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into visiting a malicious webpage. Successful exploits may allow attackers to execute arbitrary code on a victim's computer. This may facilitate a compromise of vulnerable computers. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-006 Advisory Title: Citrix EPA ActiveX Control Design Flaw Author: Michael White / michael_white@symantec.com Release Date: 19-07-2007 Application: Citrix Access Gateway Platform: Internet Explorer/Win32 Severity: Remote arbitrary code execution Vendor status: Patch available CVE Number: CVE-2007-3679 Reference: http://www.securityfocus.com/bid/24865 Overview: Citrix Access Gateway offers a clientless SSL VPN solution implemented through a series of browser-based controls. As part of the endpoint validation, the ActiveX control for Internet Explorer downloads and executes a series of executable modules from the remote server. Details: Researchers identified that the endpoint checking control can be embedded in any web page and subverted to download and execute any executable module of the attacker\x92s choosing. This vulnerability represents a design flaw in the architecture of the endpoint validation practice. A high level of browser trust is required to allow the endpoint checks to function correctly, and the control is signed by Citrix Corporation. Vendor Response: This has been addressed by a product update. See http://support.citrix.com/article/CTX113815 Recommendation: Apply the product update as detailed in http://support.citrix.com/article/CTX113815 Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2007-3679 - -------Symantec Vulnerability Research Advisory Information------- For questions about this advisory, or to report an error: research@symantec.com For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf Symantec Vulnerability Research Advisory Archive: http://www.symantec.com/research/ Symantec Vulnerability Research GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc - -------------Symantec Product Advisory Information------------- To Report a Security Vulnerability in a Symantec Product: secure@symantec.com For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/ Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc - --------------------------------------------------------------- Copyright (c) 2007 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from research@symantec.com. Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFGnRXXuk7IIFI45IARAla8AKDKwcYD23htC+trwq1Ke5Qvam99YACfUgJh VynDvAnppLmojz2wbrLfR+U= =QakL -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Citrix Access Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA26143 VERIFY ADVISORY: http://secunia.com/advisories/26143/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: Citrix Access Gateway 4.x http://secunia.com/product/6168/ DESCRIPTION: Some vulnerabilities and a security issue have been reported in Citrix Access Gateway, which can be exploited by malicious people to disclose sensitive information, conduct cross-site request forgery attacks, or to compromise a user's system. 1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session. This security issue is reported in Access Gateway Advanced Edition 4.5 and prior. These vulnerabilities are reported in Access Gateway Standard Edition 4.5.2 and prior and Access Gateway Advanced Editions version 4.5 and prior with appliance firmware 4.5.2 and prior. 3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. Access Gateway Enterprise Edition is reportedly not affected. A redirection issue that may facilitate phishing attacks has also been reported. SOLUTION: Apply hotfix and update firmware to version 4.5.5. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------