[USN-457-1] elinks vulnerability
===========================================================
Ubuntu Security Notice USN-457-1               May 07, 2007
elinks vulnerability
CVE-2007-2027
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  elinks                                   0.10.6-1ubuntu3.1

Ubuntu 6.10:
  elinks                                   0.11.1-1ubuntu2.1

Ubuntu 7.04:
  elinks                                   0.11.1-1.2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could
execute code with user privileges.

VMSA-2007-0004 Multiple Denial-of-Service issues fixed
-------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2007-0004
Synopsis:          Multiple Denial-of-Service issues fixed
Issue date:        2007-05-04
Updated on:        2007-05-04
CVE numbers:       CVE-2007-1069 CVE-2007-1337 CVE-2007-1877
                   CVE-2007-1876 CVE-2007-1744
-------------------------------------------------------------------

1. Summary:

Multiple Denial-of-Service issues fixed.

2. Relevant releases:

VMware Workstation prior to 5.5.4
VMware Player prior to 1.0.4
VMware Server prior to 1.0.3
VMware ACE prior to 1.0.3

3. Problem description:

Problems addressed by these patches:

a. Denial-of-Service on Windows based guest operating systems.

   Some VMware products managed memory in a way that failed to
   gracefully handle some general protection faults (GPFs) in Windows
   guest operating systems. A malicious user could use this
   vulnerability to crash Windows virtual machines. While this
   vulnerability could allow an attacker to crash a virtual machine,
   we do not believe it was possible to escalate privileges or escape
   virtual containment.

   VMware thanks Rubén Santamarta of Reversemode for identifying and
   reporting this issue.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-1069 to this issue.

   VMware Workstation 5.5.4 (Build# 44386)
   VMware Player      1.0.4 (Build# 44386)
   VMware Server      1.0.3 (Build# 44356)
   VMware ACE         1.0.3 (Build# 44385)

b. Denial-of-Service using ACPI I/O ports

   Virtual machines can be put in various states of suspension, as
   specified by the ACPI power management standard. When returning
   from a sleep state (S2) to the run state (S0), the virtual machine
   process (VMX) collects information about the last recorded running
   state for the virtual machine. Under some circumstances, VMX read
   state information from an incorrect memory location. This issue
   could be used to complete a successful Denial-of-Service attack
   where the virtual machine would need to be rebooted.

   Thanks to Tavis Ormandy of Google for identifying this issue.
   http://taviso.decsystem.org/virtsec.pdf

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-1337 to this issue.

   VMware Workstation 5.5.4 (Build# 44386)
   VMware Player      1.0.4 (Build# 44386)
   VMware Server      1.0.3 (Build# 44356)
   VMware ACE         1.0.3 (Build# 44385)

c. Denial-of-Service using malformed configuration data

   Some VMware products support storing configuration information in
   VMDB files. Under some circumstances, a malicious user could
   instruct the virtual machine process (VMX) to store malformed
   data, causing an error. This error could enable a successful
   Denial-of-Service attack on guest operating systems.

   VMware would like to thank Per-Fredrik Pollnow and Mikael Janers,
   technical security consultants at SunGard iXsecurity.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-1877 to this issue.

   VMware Workstation 5.5.4 (Build# 44386)
   VMware Player      1.0.4 (Build# 44386)
   VMware Server      1.0.3 (Build# 44356)
   VMware ACE         1.0.3 (Build# 44385)

d. Debugging local programs could create system instability

   In a 64-bit Windows guest on a 64-bit host, debugging local
   programs could create system instability. Using a debugger to step
   into a syscall instruction may corrupt the virtual machine's
   register context. This corruption produces unpredictable results
   including corrupted stack pointers, kernel bugchecks, or
   vmware-vmx process failures.

   Thanks to Ken Johnson for identifying this issue.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-1876 to this issue.

   VMware Workstation 5.5.4 (Build# 44386)
   VMware Player      1.0.4 (Build# 44386)
   VMware Server      1.0.3 (Build# 44356)
   VMware ACE         1.0.3 (Build# 44385)

e. Directory traversal vulnerability in shared folders feature

   Shared Folders is a feature that enables users of guest operating
   systems to access a specified set of folders in the host's file
   system. A vulnerability was identified by Greg MacManus of
   iDefense Labs that could allow an attacker to write arbitrary
   content from a guest system to arbitrary locations on the host
   system. In order to exploit this vulnerability, the VMware system
   must have at least one folder shared. Although the Shared Folder
   feature is enabled by default, no folders are shared by default,
   which means this vulnerability is not exploitable by default. The
ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-025.html
May 7, 2007

-- CVE ID:
CVE-2007-2508

-- Affected Vendor:
Trend Micro

-- Affected Products:
ServerProtect v5.58

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since May 2, 2007 by Digital Vaccine protection
filter ID 5125. For further product information on the TippingPoint IPS:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Trend Micro ServerProtect. Authentication is
not required to exploit this vulnerability.

The specific flaw exists in the SpntSvc.exe daemon, bound by default on
TCP port 5168 and exposing the following DCE/RPC interface through
TmRpcSrv.dll:

    /* opcode: 0x00, address: 0x65741030 */

    error_status_t sub_65741030 (
        [in] handle_t arg_1,
        [in] long arg_2,
        [in][size_is(arg_4)] byte arg_3[],
        [in] long arg_4,
        [out][size_is(arg_6)] byte arg_5[],
        [in] long arg_6
    );

A sub-function within this interface is vulnerable to a stack overflow
due to an unbounded call to wcscpy() within the routine
CAgRpcClient::CreateBinding() defined in the AgRpcCln.dll library.

-- Vendor Response:
Trend Micro has issued an update to correct this vulnerability. More
details can be found at:

    http://www.trendmicro.com/download_beta/product.asp?productid=17

-- Disclosure Timeline:
2007.02.01 - Vulnerability reported to vendor
2007.05.02 - Digital Vaccine released to TippingPoint customers
2007.05.07 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Eric DETOISIEN.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
FLEA-2007-0016-1: kernel
Foresight Linux Essential Advisory: 2007-0016-1
Published: 2007-05-08

Rating: Minor

Updated Versions:
    kernel=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1/2.6.20.11-1-0.1
    group-dist=/[EMAIL PROTECTED]:1-devel//1/1.2.1-0.21-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
    http://lwn.net/Articles/232675/

Description:
    Previous versions of the Linux kernel are vulnerable to a local
    user Denial of Service attack in which local users can trigger a
    kernel stack overflow using the netlink layer, and to one remote
    Denial of Service attack in which if IPv6 routing has been
    configured, a remote user can cause the system to use all available
    network bandwidth by sending a specially-crafted IPv6 packet.

    In addition, several non-security issues have been resolved that
    caused some systems to have difficulty booting: attempting to
    initialize the Intel random number generator caused some recent
    systems to hang during boot, and NUMA capability was also causing
    some systems to hang during boot and so has been disabled on x86,
    where it is generally not needed.

    A system reboot is required to resolve these issues.

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities
netVigilance Security Advisory #11

Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities

Description:
Advanced Guestbook is a PHP-based guestbook script. It includes many
useful features such as preview, templates, e-mail notification, picture
upload, page spanning, html tags handling, smiles, advanced guestbook
codes and language support. The admin script lets you modify, view, and
delete messages. Requires PHP4 and MySQL.
Security problems in the product allow attackers to gather the true path
of the server-side script and get the database name.

External References:
Mitre CVE: CVE-2007-0608
NVD NIST: CVE-2007-0608
OSVDB: 33876

Summary:
Advanced Guestbook is a PHP-based guestbook with admin interface.
Security problems in the product allow attackers to gather the true path
of the server-side script and get the database name.
These vulnerabilities can be exploited only when PHP register_globals is On.

Advisory URL:
http://www.netvigilance.com/advisory0011

Release Date: 05/07/2007

Severity:
Risk: Low

CVSS Metrics
Access Vector: Remote
Access Complexity: High
Authentication: not-required
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Impact Bias: Normal
CVSS Base Score: 1.86

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated

Vulnerability Impact: Attack
Host Impact: Information disclosure, path disclosure.

SecureScout Testcase ID:

Vulnerable Systems:
Advanced Guestbook 2.4.2

Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or
even Fatal Errors. Also there exists a possibility to disclose the
database name in the error information messages.

Vendor Status:
Contact with the Vendor was established but draft of the security
advisory wasn't provided because the Vendor stopped responding to our
emails on 9 March 2007. There is no official fix at the release of this
Security Advisory.

Workaround:
Set PHP register_globals to Off.
Disable warning messages: modify the following line in the php.ini file:
display_errors = Off.
Or modify the .htaccess file (this will work only for Apache servers).

Example:

Error Information Leak 1: Database Name Disclosure

REQUEST:
http://[TARGET]/[GUETBOOK-FOLDER]/lang/codes-english.php?GB_TBL=123
REPLY:
Error Number: 1146
Table '[DATABASE NAME].b' doesn't exist
Date: Thu, January 4, 2007 13:40:11
IP : 212.98.173.35
Browser : Opera/9.01 (Windows NT 5.0; U; ru)
Referer :
PHP Version : 4.4.4
OS : Linux
Server : Apache/2.2.3
Server Name : proxy2.de

Error Information Leak 2: Database Name Disclosure

REQUEST:
http://[TARGET]/[GUETBOOK-FOLDER]/image.php?id=1&GB_TBL=123
REPLY:
<b><font size=4 face=Arial>Query Error</font></b><hr><pre>MySQL Error : Query Error
Error Number: 1146
Table '[DISCLOSURE RESULT - DATABASE NAME].b' doesn't exist
Date: Mon, January 8, 2007 16:58:56
IP : 212.98.173.35
Browser : Opera/9.01 (Windows NT 5.0; U; ru)
Referer :
PHP Version : 4.4.4
OS : Linux
Server : Apache/2.2.3
Server Name : proxy2.de
</pre>

Error Information Leak 3: Path Disclosure Vulnerability

REQUEST:
At first set in the COOKIES variable lang = ../index for the target web-site
http://[TARGET]/[guestbook-directory]/index.php?GB_DB=123
REPLY:
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Unknown MySQL server host '-' (1) in <b>[FULL PATH TO FILE]/mysql.class.php</b> on line <b>30</b><br />
<b><font size=4 face=Arial>Connection Error</font></b><hr><pre>MySQL Error : Connection Error
Error Number: 2005
Unknown MySQL server host '-' (1)
Date: Thu, January 4, 2007 13:42:18
IP : 212.98.173.35
Browser : Opera/9.01 (Windows NT 5.0; U; ru)
Referer :
PHP Version : 4.4.4
OS : Linux
Server : Apache/2.2.3
Server Name : ServerName.de

Error Information Leak 4: Path Disclosure Vulnerability

REQUEST:
http://[TARGET]/[guestbook-directory]/index.php
REPLY:
<br /><b>Notice</b>: Undefined variable: DB_CLASS in <b>[FULL PATH TO FILE]\rs\gb\index.php</b> on line <b>4</b><br />
<br /><b>Warning</b>: main([FULL PATH TO FILE]\rs\gb/lib/) [<a href='function.main'>function.main</a>]: failed to open stream: Permission denied in <b>[FULL PATH TO FILE]\rs\gb\index.php</b> on line <b>4</b><br />
<br /><b>Fatal error</b>: main() [<a href='function.require'>function.require</a>]: Failed opening required '[FULL PATH TO FILE]\rs\gb/lib/' (include_path='.;C:\php5\pear') in <b>[FULL PATH TO FILE]\rs\gb\index.php</b> on line <b>4</b><br />

Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com
Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability
netVigilance Security Advisory #13

Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability

Description:
Advanced Guestbook is a PHP-based guestbook script. It includes many
useful features such as preview, templates, e-mail notification, picture
upload, page spanning, html tags handling, smiles, advanced guestbook
codes and language support. The admin script lets you modify, view, and
delete messages. Requires PHP4 and MySQL.

External References:
Mitre CVE: CVE-2007-0609
NVD NIST: CVE-2007-0609
OSVDB: 33878

Summary:
Advanced Guestbook is a PHP-based guestbook with admin interface.
Security problems in the product allow attackers to conduct directory
traversal attacks.
These vulnerabilities can be exploited only when the attacker has
registered on the same server.

Advisory URL:
http://www.netvigilance.com/advisory0013

Release Date: 05/07/2007

Severity:
Risk: High

CVSS Metrics
Access Vector: Remote
Access Complexity: High
Authentication: Not-required
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
Impact Bias: Normal
CVSS Base Score: 8

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated

Vulnerability Impact: Attack
Host Impact: Directory Traversal

SecureScout Testcase ID:

Vulnerable Systems:
Advanced Guestbook 2.4.2

Vulnerability Type:
An attacker via the .. (dot dot) sequence can execute his own php-script
on the target server.

Vendor Status:
Contact with the Vendor was established but draft of the security
advisory wasn't provided because the Vendor stopped responding to our
emails on 9 March 2007. There is no official fix at the release of this
Security Advisory.

Workaround:
Set Advanced Guestbook default static language.

Example:
1. Create php-script like:
   <?php global $GB_DB; print_r($GB_DB); ?>
2. Set in COOKIES variable lang = [ via the .. (dot dot) Sequence set the
   script name on the same server] for example ../../../hack_www/htdocs/hack

REQUEST:
http://[TARGET]/[guestbook-directory]/index.php
REPLY:
Array ( [dbName] => [CURRENT DB NAME] [host] => [CURRENT DB HOST] [user] => [DB USER NAME] [pass] => [DB USER PASSWORD] )

Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com
[ GLSA 200705-09 ] IPsec-Tools: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: IPsec-Tools: Denial of Service
      Date: May 08, 2007
      Bugs: #173219
        ID: 200705-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

IPsec-Tools contains a vulnerability that allows a remote attacker to
crash the IPsec tunnel.

Background
==========

IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
It contains a collection of network monitoring tools, including racoon,
ping, and ping6.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  net-firewall/ipsec-tools       < 0.6.7                   >= 0.6.7

Description
===========

The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not
always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N)
packets are encrypted.

Impact
======

A remote attacker could send a specially crafted IPsec message to one
of the two peers during the beginning of phase 1, resulting in the
termination of the IPsec exchange.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.6.7"

References
==========

  [ 1 ] CVE-2007-1841
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
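
The check GLSA 200705-09 says is not always made, as an added example (not racoon's code and not the upstream patch): a gate that walks the payload chain of an ISAKMP informational message and refuses NOTIFY or DELETE payloads when the header's encryption flag is clear. Field offsets and type values are from RFC 2408; check_info_msg(), sample_verdict() and the sample packets are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from RFC 2408; the NPTYPE names are the ones the advisory uses. */
#define ISAKMP_HDR_LEN     28   /* cookies(16) np ver etype flags msgid(4) len(4) */
#define ISAKMP_NPTYPE_HASH  8
#define ISAKMP_NPTYPE_N    11
#define ISAKMP_NPTYPE_D    12
#define ISAKMP_ETYPE_INFO   5
#define ISAKMP_FLAG_E    0x01   /* payloads after the header are encrypted */

enum info_verdict { INFO_ACCEPT = 0, INFO_DROP_MALFORMED, INFO_DROP_UNPROTECTED };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical gate, run before any NOTIFY/DELETE is acted on. */
enum info_verdict check_info_msg(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < ISAKMP_HDR_LEN)
        return INFO_DROP_MALFORMED;
    if (pkt[18] != ISAKMP_ETYPE_INFO)
        return INFO_DROP_MALFORMED;

    size_t total = be32(pkt + 24);          /* length claimed by the header */
    if (total < ISAKMP_HDR_LEN || total > len)
        return INFO_DROP_MALFORMED;

    if (pkt[19] & ISAKMP_FLAG_E)
        return INFO_ACCEPT;                 /* decryption and hash check follow */

    /* Cleartext message: no payload in the chain may be NOTIFY or DELETE. */
    uint8_t np = pkt[16];
    size_t off = ISAKMP_HDR_LEN;
    while (np != 0) {
        if (np == ISAKMP_NPTYPE_N || np == ISAKMP_NPTYPE_D)
            return INFO_DROP_UNPROTECTED;
        if (total - off < 4)                /* no room for a generic header */
            return INFO_DROP_MALFORMED;
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (plen < 4 || plen > total - off)
            return INFO_DROP_MALFORMED;
        np = pkt[off];                      /* type of the next payload */
        off += plen;
    }
    return INFO_ACCEPT;
}

/* Builds a constructed informational message with one or two 12-byte
 * payloads (np2 == 0 means only one) and returns the gate's verdict. */
enum info_verdict sample_verdict(uint8_t np1, uint8_t np2, uint8_t flags,
                                 size_t wire_len)
{
    uint8_t pkt[ISAKMP_HDR_LEN + 24];
    size_t total = ISAKMP_HDR_LEN + (np2 ? 24 : 12);

    memset(pkt, 0, sizeof pkt);
    memset(pkt, 0xA1, 8);                   /* initiator cookie (constructed) */
    memset(pkt + 8, 0xB2, 8);               /* responder cookie (constructed) */
    pkt[16] = np1;
    pkt[17] = 0x10;                         /* version 1.0 */
    pkt[18] = ISAKMP_ETYPE_INFO;
    pkt[19] = flags;
    pkt[27] = (uint8_t)total;               /* big-endian length, high bytes 0 */
    pkt[28] = np2;                          /* payload 1: next payload type */
    pkt[31] = 12;                           /* payload 1: length */
    if (np2)
        pkt[43] = 12;                       /* payload 2: length, next = 0 */
    if (wire_len > sizeof pkt)
        wire_len = sizeof pkt;
    return check_info_msg(pkt, wire_len);
}

int main(void)
{
    printf("cleartext DELETE:        %d\n",
           sample_verdict(ISAKMP_NPTYPE_D, 0, 0, 40));
    printf("cleartext HASH + DELETE: %d\n",
           sample_verdict(ISAKMP_NPTYPE_HASH, ISAKMP_NPTYPE_D, 0, 52));
    printf("encrypted:               %d\n",
           sample_verdict(ISAKMP_NPTYPE_HASH, 0, ISAKMP_FLAG_E, 40));
    return 0;
}
```

Walking the chain matters because the header's next-payload field names only the first payload; a DELETE placed second would pass a check that looks at the header alone.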
[SECURITY] [DSA 1287-1] New ldap-account-manager packages fix multiple vulnerabilities
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1287-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                            Noah Meyerhans
May 07, 2007
- ------------------------------------------------------------------------

Package        : ldap-account-manager (0.4.9-2sarge1)
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-7191 CVE-2007-1840
Debian Bug     : 415379

Two vulnerabilities have been identified in the version of
ldap-account-manager shipped with Debian 3.1 (sarge).

CVE-2006-7191
    An untrusted PATH vulnerability could allow a local attacker to
    execute arbitrary code with elevated privileges by providing a
    malicious rm executable and specifying a PATH environment variable
    referencing this executable.

CVE-2007-1840
    Improper escaping of HTML content could allow an attacker to execute
    a cross-site scripting attack (XSS) and execute arbitrary code in
    the victim's browser in the security context of the affected web
    site.

For the old stable distribution (sarge), this problem has been fixed in
version 0.4.9-2sarge1.

Newer versions of Debian (etch, lenny, and sid), are not affected.

We recommend that you upgrade your ldap-account-manager package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64,
m68k, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
[ GLSA 200705-11 ] MySQL: Two Denial of Service vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MySQL: Two Denial of Service vulnerabilities
      Date: May 08, 2007
      Bugs: #170126, #171934
        ID: 200705-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two Denial of Service vulnerabilities have been discovered in MySQL.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql      < 5.0.38                              >= 5.0.38
                                                                 < 5.0

Description
===========

mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when
processing certain types of SQL requests. Sec Consult also discovered
another NULL pointer dereference when sorting certain types of queries
on the database metadata.

Impact
======

In both cases, a remote attacker could send a specially crafted SQL
request to the server, possibly resulting in a server crash. Note that
the attacker needs the ability to execute SELECT queries.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.38"

References
==========

  [ 1 ] Original Report
        http://bugs.mysql.com/bug.php?id=27513
  [ 2 ] CVE-2007-1420
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
ZDI-07-024: Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-024.html
May 7, 2007

-- CVE ID:
CVE-2007-2508

-- Affected Vendor:
Trend Micro

-- Affected Products:
ServerProtect v5.58

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since May 2, 2007 by Digital Vaccine protection
filter ID 5123. For further product information on the TippingPoint IPS:

    http://www.tippingpoint.com

-- Vulnerability Details:
These vulnerabilities allow attackers to execute arbitrary code on
vulnerable installations of Trend Micro ServerProtect. Authentication is
not required to exploit these vulnerabilities.

The specific flaw exists in the EarthAgent.exe daemon, bound by default
on TCP port 3628 and exposing the following DCE/RPC interface through
TmRpcSrv.dll:

    /* opcode: 0x00, address: 0x65741030 */

    error_status_t sub_65741030 (
        [in] handle_t arg_1,
        [in] long arg_2,
        [in][size_is(arg_4)] byte arg_3[],
        [in] long arg_4,
        [out][size_is(arg_6)] byte arg_5[],
        [in] long arg_6
    );

A sub-function within this interface is vulnerable to a stack overflow
due to an unbounded call to wcscpy().

-- Vendor Response:
Trend Micro has issued an update to correct this vulnerability. More
details can be found at:

    http://www.trendmicro.com/download_beta/product.asp?productid=17

-- Disclosure Timeline:
2007.02.01 - Vulnerability reported to vendor
2007.05.02 - Digital Vaccine released to TippingPoint customers
2007.05.07 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Eric DETOISIEN.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
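
Both ServerProtect advisories (ZDI-07-025 and ZDI-07-024) trace the overflow to an unbounded wcscpy() on data that arrives in a [size_is(arg_4)] byte buffer. The following added example (not Trend Micro's code and not from ZDI) shows a bounded replacement for that copy. It assumes the string is carried as 16-bit code units inside the byte buffer; copy_wide_arg(), BIND_NAME_MAX, sample_copy() and the sample input are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BIND_NAME_MAX    64   /* assumed destination size in 16-bit units, terminator included */
#define SAMPLE_MAX_UNITS 512  /* largest constructed input used by sample_copy() */

enum copy_status {
    COPY_OK = 0,
    COPY_BAD_LENGTH,     /* null pointer, non-positive or odd byte count */
    COPY_UNTERMINATED,   /* no 16-bit NUL inside the declared length */
    COPY_TOO_LONG        /* string plus terminator exceeds the destination */
};

/*
 * Bounded replacement for wcscpy(dst, (wchar_t *)in).
 * wcscpy() keeps reading until it meets a terminator and keeps writing
 * however small dst is. Here the scan stops at the length the RPC
 * runtime declared (in_len, the size_is value) and the copy is refused
 * unless the result fits in dst_units.
 */
enum copy_status copy_wide_arg(uint16_t *dst, size_t dst_units,
                               const uint8_t *in, long in_len)
{
    if (dst == NULL || in == NULL || dst_units == 0)
        return COPY_BAD_LENGTH;
    if (in_len <= 0 || (in_len % 2) != 0)
        return COPY_BAD_LENGTH;

    size_t units = (size_t)in_len / 2;
    size_t n = 0;

    /* Look for the terminator without reading past the declared length. */
    while (n < units && !(in[2 * n] == 0 && in[2 * n + 1] == 0))
        n++;
    if (n == units)
        return COPY_UNTERMINATED;
    if (n + 1 > dst_units)
        return COPY_TOO_LONG;

    /* memcpy avoids unaligned 16-bit loads from the byte buffer. */
    memcpy(dst, in, (n + 1) * 2);
    return COPY_OK;
}

/* Builds a constructed argument of name_units 'A' code units, optionally
 * terminated, and copies it into a BIND_NAME_MAX-unit stack buffer. */
enum copy_status sample_copy(size_t name_units, int terminated)
{
    static uint8_t in[2 * (SAMPLE_MAX_UNITS + 1)];
    uint16_t dst[BIND_NAME_MAX];

    if (name_units > SAMPLE_MAX_UNITS)
        name_units = SAMPLE_MAX_UNITS;
    memset(in, 0, sizeof in);
    for (size_t i = 0; i < name_units; i++)
        in[2 * i] = 'A';                    /* 'A' as a little-endian code unit */

    long in_len = (long)(2 * (name_units + (terminated ? 1 : 0)));
    return copy_wide_arg(dst, BIND_NAME_MAX, in, in_len);
}

int main(void)
{
    printf("10 units, terminated:   %d\n", sample_copy(10, 1));
    printf("300 units, terminated:  %d\n", sample_copy(300, 1));
    printf("10 units, unterminated: %d\n", sample_copy(10, 0));
    return 0;
}
```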
[ GLSA 200705-10 ] LibXfont, TightVNC: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200705-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: LibXfont, TightVNC: Multiple vulnerabilities
      Date: May 08, 2007
      Bugs: #172575, #174200
        ID: 200705-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in libXfont and TightVNC,
allowing for the execution of arbitrary code with root privileges.

Background
==========

LibXfont is the X.Org font library. TightVNC is a VNC client/server for
X displays.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  net-misc/tightvnc     < 1.2.9-r4                      >= 1.2.9-r4
  2  x11-libs/libXfont     < 1.2.7-r1                      >= 1.2.7-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The libXfont code is prone to several integer overflows, in functions
ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
TightVNC contains a local copy of this code and is also affected.

Impact
======

A local attacker could use a specially crafted BDF Font to gain root
privileges on the vulnerable host.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libXfont users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.7-r1"

All TightVNC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tightvnc-1.2.9-r4"

References
==========

  [ 1 ] CVE-2007-1003
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
  [ 2 ] CVE-2007-1351
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  [ 3 ] CVE-2007-1352
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200705-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities
netVigilance Security Advisory #12

Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities

Description:
Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning, html tags handling, smiles, advanced guestbook codes and language support. The admin script lets you modify, view, and delete messages. Requires PHP4 and MySQL.

External References:
Mitre CVE: CVE-2007-0605
NVD NIST: CVE-2007-0605
OSVDB: 33877

Summary:
Advanced Guestbook is a PHP-based guestbook with admin interface. Security problems in the product allow attackers to conduct XSS attacks. These vulnerabilities can be exploited only when PHP register_globals is On.

Advisory URL: http://www.netvigilance.com/advisory0012

Release Date: 05/07/2007

Severity:
Risk: Medium

CVSS Metrics
Access Vector: Remote
Access Complexity: High
Authentication: not-required
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Impact Bias: Normal
CVSS Base Score: 5.6

Target Distribution on Internet: Low
Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated
Vulnerability Impact: Attack
Host Impact: XSS Attack

SecureScout Testcase ID:

Vulnerable Systems:
Advanced Guestbook 2.4.2

Vulnerability Type:
XSS (Cross-Site Scripting) to force a web-site to display malicious contents to the target, by sending a specially crafted request to the web-site. The vulnerable web-site is not the target of attack but is used as a tool for the hacker in the attack of the victim.

Vendor Status:
Contact with the Vendor was established but draft of the security advisory wasn't provided because the Vendor stopped responding to our emails on 9 March 2007. There is no official fix at the release of this Security Advisory.

Workaround:
Set PHP register_globals to Off.

Example:

XSS Attack Vulnerability 1:
REQUEST: http://[TARGET]/[guestbook-directory]/picture.php?size[0]=1size[1]=1img=1picture=%22%3E%3Cscript%3Ealert(%22ok%22)%3C/script%3E%3Cimg%20src=%22
REPLY: Will execute scriptalert(document.cookie)/script

XSS Attack Vulnerability 2:
The remote attacker can avoid the .htaccess file protection and run any script or view the contents of the templates. Set in the COOKIES variable lang = ../[name of the script without php extension] for example ../lib/admin.class
REQUEST: http://[TARGET]/[guestbook-directory]/index.php
REPLY: The Server will execute the script

Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com
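A defensive sketch of the two input-handling fixes the advisory above implies, added here as an example and not taken from Advanced Guestbook or from netVigilance: request values are read from an explicit array instead of register_globals-created variables and are escaped on output, and the lang cookie is matched against a fixed list before it is used in a file path. The function names, the language list and the upload directory are assumptions.

```php
<?php
// Added illustration, not Advanced Guestbook code. All names are hypothetical.

// Assumed list of shipped language files; the cookie may only select from it.
const ALLOWED_LANGS = ['english', 'german', 'french'];

/**
 * Map the untrusted "lang" cookie to a language file.
 * The cookie value is only compared against a fixed list, so a value such as
 * "../lib/admin.class" never reaches the include path.
 */
function resolve_lang_file(?string $cookieLang, string $langDir): string
{
    $lang = in_array($cookieLang, ALLOWED_LANGS, true) ? $cookieLang : 'english';
    return rtrim($langDir, '/') . '/' . $lang . '.php';
}

/**
 * Build the <img> tag for a picture view from an explicit parameter array
 * (pass $_GET), so the result does not depend on register_globals.
 * Returns '' when the file name is not a plain image name.
 */
function render_picture(array $query, string $uploadDir = 'public'): string
{
    $picture = $query['picture'] ?? '';
    $size    = $query['size'] ?? [];
    if (!is_string($picture) || !is_array($size)) {
        return '';
    }
    // Strict file-name pattern: no quotes, angle brackets, slashes or dot-dot.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(?:gif|jpe?g|png)\z/', $picture)) {
        return '';
    }
    $width  = max(0, (int)($size[0] ?? 0));
    $height = max(0, (int)($size[1] ?? 0));
    // Escape on output as a second layer, even though the pattern is strict.
    $src = htmlspecialchars($uploadDir . '/' . $picture, ENT_QUOTES, 'UTF-8');
    return sprintf('<img src="%s" width="%d" height="%d" alt="">', $src, $width, $height);
}

// Constructed sample inputs: one valid request, one carrying markup in the
// file name, one with a malformed size parameter.
$cases = [
    ['picture' => 'cat.jpg', 'size' => ['320', '200']],
    ['picture' => 'x"><b>markup</b>', 'size' => ['1', '1']],
    ['picture' => 'cat.jpg', 'size' => 'not-an-array'],
];
foreach ($cases as $query) {
    var_export(render_picture($query));
    echo PHP_EOL;
}

// Constructed cookie values: an allowed name, the traversal form the advisory
// describes, and a missing cookie.
foreach (['german', '../lib/admin.class', null] as $cookie) {
    echo resolve_lang_file($cookie, 'lang'), PHP_EOL;
}
```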
rPSA-2007-0094-1 cpio
rPath Security Advisory: 2007-0094-1
Published: 2007-05-07
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: cpio=/[EMAIL PROTECTED]:devel//1/2.6-14-0.1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268
https://issues.rpath.com/browse/RPL-1338

Description:
Previous versions of the cpio package are vulnerable to a user-complicit attack in which cpio may execute attacker-provided code included in an intentionally malformed cpio archive.
ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-027.html
May 8, 2007

-- CVE ID:
CVE-2007-0944

-- Affected Vendor:
Microsoft

-- Affected Products:
Internet Explorer 5
Internet Explorer 6

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability since May 8, 2007 by Digital Vaccine protection filter ID 5236. For further product information on the TippingPoint IPS:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists in the CTableCol::OnPropertyChange() method. When a named table row in HTML contains a named table column, then calls the deleteCell() JavaScript method, any property of the table column, existing or not, accessed after the deletion takes place will trigger an exploitable memory corruption.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at:

http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx

-- Disclosure Timeline:
2006.10.03 - Vulnerability reported to vendor
2007.05.08 - Digital Vaccine released to TippingPoint customers
2007.05.08 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by an anonymous researcher.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
[USN-458-1] MoinMoin vulnerabilities
===========================================================
Ubuntu Security Notice USN-458-1               May 07, 2007
moin vulnerabilities
CVE-2007-2423
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  python2.4-moinmoin 1.5.2-1ubuntu2.3

Ubuntu 6.10:
  python2.4-moinmoin 1.5.3-1ubuntu1.3

Ubuntu 7.04:
  python-moinmoin 1.5.3-1.1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. (CVE-2007-2423)

Flaws were discovered in MoinMoin's ACL handling for calendars and includes. Unauthorized users would be able to read pages that would otherwise be unavailable to them.
[security bulletin] HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00742778
Version: 3

HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2006-08-10
Last Updated: 2007-04-30

Potential Security Impact: Remote unauthorized arbitrary command execution

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP OpenView Storage Data Protector running on HP-UX, IBM AIX, Linux, Microsoft Windows, and Solaris. This vulnerability could allow a remote unauthorized user to execute arbitrary commands.

References: NISCC 412866

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Storage Data Protector 5.1 and 5.5 running on HP-UX, IBM AIX, Linux, Microsoft Windows, and Solaris.

BACKGROUND

The Hewlett-Packard Company thanks NISCC for reporting this vulnerability to [EMAIL PROTECTED]

To determine if an HP-UX system has an affected version, search the output of swlist -a revision -l fileset for one of the filesets listed below. For affected systems verify that the recommended action has been taken.

AFFECTED VERSIONS

For HP OpenView Storage Data Protector 5.1
HP-UX B.11.23 (PA)
HP-UX B.11.11
HP-UX B.11.00
=============
DATA-PROTECTOR.OMNI-CORE
action: install PHSS_34887 or subsequent, deploy to client systems

For HP OpenView Storage Data Protector 5.5
HP-UX B.11.23 (PA)
HP-UX B.11.11
HP-UX B.11.00
=============
DATA-PROTECTOR.OMNI-CORE
action: install PHSS_35142 or subsequent, deploy to client systems

HP-UX B.11.23 (IA)
=============
DATA-PROTECTOR.OMNI-CORE
action: install PHSS_35143 or subsequent, deploy to client systems

END AFFECTED VERSIONS

RESOLUTION
HP has made the following patches available to resolve the issue. The patches can be downloaded from: http://itrc.hp.com

The HP-UX patches listed are applied to Installation Servers. They contain the updates for HP-UX, IBM AIX, and Linux clients. More information can be found in the Special Installation Instructions section of the patch documentation.

HP OpenView Storage Data Protector 5.1

For HP-UX, IBM AIX, and Linux
  PHSS_34887 or subsequent - B.11.00, B.11.11, B.11.23 (PA) Installation Servers
For Solaris
  DPSOL_00204 or subsequent
For Windows
  DPWIN_00206 or subsequent

HP OpenView Storage Data Protector 5.5

- For HP-UX, IBM AIX, and Linux (except for x86_64)
  PHSS_35142 or subsequent - B.11.00, B.11.11, B.11.23 (PA) Installation Servers
  PHSS_35143 or subsequent - B.11.23 (IA) Installation Servers

- For Linux x86_64

- Install SSPUX550_159 and its prerequisite patches SSPUX550_068 and SSPUX550_069.
  These patches will be available via the following ftp site until June 1, 2007. After that date the patches will be available by contacting HP Support.

  System: hprc.external.hp.com (192.170.19.100)
  Login: ss061184
  Password: ss061184 (NOTE: CASE-sensitive)

  ftp://ss061184:[EMAIL PROTECTED]/

  SSPUX550_159.shar.gz
  SSPUX550_068.shar.gz
  SSPUX550_069.shar.gz

  md5sum: (SSPUX550_159.shar) = 813c8ff5281af853040bc6f6a6339f8a
  md5sum: (SSPUX550_068.shar) = f3f523262cce6523e0e11605cd06de6b
  md5sum: (SSPUX550_069.shar) = c3841b88e496e38bd8e2b7baa0b5d545

  cksum: 1893672450 7239656 SSPUX550_068.shar
  cksum: 2719159727 3594346 SSPUX550_069.shar
  cksum: 19364427 269610 SSPUX550_159.shar

For Solaris
  DPSOL_00228 or subsequent
For Windows
  DPWIN_0202 or subsequent

MANUAL ACTIONS: Yes - Non-HP-UX only
For HP OpenView Storage Data Protector 5.5 Linux x86_64
Download and install SSPUX550_159 and its prerequisite patches SSPUX550_068 and SSPUX550_069

PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY:
Version: 1 (rev.1) - 10 August 2006 Initial release
Version: 2 (rev.2) - 25 October 2006 Patches available
Version: 3 (rev.3) - 30 April 2007 Linux x86_64 patches available

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: [EMAIL PROTECTED] It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as
[SECURITY] [DSA 1288-1] New pptpd packages fix denial of service
Debian Security Advisory DSA 1288-1[EMAIL PROTECTED]
http://www.debian.org/security/                      Moritz Muehlenhoff
May 8th, 2007                        http://www.debian.org/security/faq

Package        : pptpd
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-0244

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service.

The oldstable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in version 1.3.0-2etch1.

For the unstable distribution (sid) this problem has been fixed in version 1.3.4-1.

We recommend that you upgrade your pptpd packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.