[USN-612-6] OpenVPN regression
===========================================================
Ubuntu Security Notice USN-612-6                May 14, 2008
openvpn regression
https://launchpad.net/bugs/230193
https://launchpad.net/bugs/230208
http://www.ubuntu.com/usn/usn-612-3
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  openssl-blacklist               0.1-0ubuntu0.7.04.2
  openvpn                         2.0.9-5ubuntu0.2

Ubuntu 7.10:
  openssl-blacklist               0.1-0ubuntu0.7.10.2
  openvpn                         2.0.9-8ubuntu0.2

Ubuntu 8.04 LTS:
  openssl-blacklist               0.1-0ubuntu0.8.04.2
  openvpn                         2.1~rc7-1ubuntu3.2

After a standard system upgrade you need to restart openvpn to effect
the necessary changes.

Details follow:

USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by adding checks for vulnerable certificates and
keys to OpenVPN. A regression was introduced in OpenVPN when using TLS
and multi-client/server which caused OpenVPN to not start when using
valid SSL certificates. It was also found that openssl-vulnkey from
openssl-blacklist would fail when stderr was not available. This caused
OpenVPN to fail to start when used with applications such as
NetworkManager. This update fixes these problems. We apologize for the
inconvenience.

Original advisory details:

 A weakness has been discovered in the random number generator used by
 OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
 certain encryption keys are much more common than they should be, such
 that an attacker could guess the key through a brute-force attack given
 minimal knowledge of the system. This particularly affects the use of
 encryption keys in OpenSSH, OpenVPN and SSL certificates.
Updated packages for Ubuntu 7.04:
[ GLSA 200805-16 ] OpenOffice.org: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200805-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenOffice.org: Multiple vulnerabilities
      Date: May 14, 2008
      Bugs: #218080
        ID: 200805-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in OpenOffice.org, possibly
allowing for user-assisted execution of arbitrary code.

Background
==========

OpenOffice.org is an open source office productivity suite, including
word processing, spreadsheet, presentation, drawing, data charting,
formula editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice           < 2.4.0                   >= 2.4.0
  2  app-office/openoffice-bin       < 2.4.0                   >= 2.4.0
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

iDefense Labs reported multiple vulnerabilities in OpenOffice.org:

* multiple heap-based buffer overflows when parsing the "Attribute" and
  "Font" Description records of Quattro Pro (QPRO) files
  (CVE-2007-5745),

* an integer overflow when parsing the EMR_STRETCHBLT record of an EMF
  file, resulting in a heap-based buffer overflow (CVE-2007-5746),

* an integer underflow when parsing Quattro Pro (QPRO) files, resulting
  in an excessive loop and a stack-based buffer overflow
  (CVE-2007-5747),

* and a heap-based buffer overflow when parsing the
  "DocumentSummaryInformation" stream in an OLE file (CVE-2008-0320).

Furthermore, Will Drewry (Google Security) reported vulnerabilities in
the memory management of the International Components for Unicode
(CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20.
However, the binary version of OpenOffice.org uses an internal copy of
said library.

Impact
======

A remote attacker could entice a user to open a specially crafted
document, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running OpenOffice.org.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.0"

All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.0"

References
==========

  [ 1 ] CVE-2007-4770
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
  [ 2 ] CVE-2007-4771
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
  [ 3 ] CVE-2007-5745
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745
  [ 4 ] CVE-2007-5746
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746
  [ 5 ] CVE-2007-5747
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747
  [ 6 ] CVE-2008-0320
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
  [ 7 ] GLSA 200803-20
        http://www.gentoo.org/security/en/glsa/glsa-200803-20.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Correction to BID 29112 "Apache Server HTML Injection and UTF-7 XSS Vulnerability"
HTTP User and Desktop Security Communities;

With respect to http://www.securityfocus.com/bid/29112

Per http://www.ietf.org/rfc/rfc2616.txt

  3.7.1 Canonicalization and Text Defaults

  [...]

  The "charset" parameter is used with some media types to define the
  character set (section 3.4) of the data. When no explicit charset
  parameter is provided by the sender, media subtypes of the "text" type
  are defined to have a default charset value of "ISO-8859-1" when
  received via HTTP. Data in character sets other than "ISO-8859-1" or
  its subsets MUST be labeled with an appropriate charset value. See
  section 3.4.1 for compatibility problems.

Internet Explorer's autodetection of UTF-7 clearly violates this
specification, introducing the opportunity for myriad similar attacks.
These are literally everywhere on the web today; we can trust the kids
to continue to explore this vector until it is fixed by Microsoft.

There are several workarounds in Apache HTTP Server to dodge this
particular vulnerability on your own sites, including

  AddDefaultCharset ISO-8859-1

and by enabling multilanguage error docs (each translation with an
explicit charset) by simply uncommenting this Include of the default
httpd.conf file:

  # Multi-language error messages
  Include conf/extra/httpd-multilang-errordoc.conf

All releases after Jan 2 include fixes across the board to add an
explicit charset iso-8859-1 to the built-in Apache HTTP modules to
compensate for Microsoft's vulnerability, including released versions
2.2.8, 2.0.63, and 1.3.41. This does not affect third-party modules you
may be loading, applications hosted on or proxied through HTTP Server,
etc. However, this vulnerability should clearly be labeled as a flaw in
Internet Explorer. If the browsers under your supervision continue to
enable the autodetection of UTF-7, your users remain at risk.

As all ISO, UTF-8 and related charsets were 7-bit clean, it's clear
that Microsoft erred on the side of accepting the UTF-7 charset for
automatic detection, contrary to the behavior dictated by RFC 2616.
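As an added illustration (not part of the original post, and not Apache code), the following Python audits a captured HTTP response head for exactly the condition described above, a text/* Content-Type with no charset parameter, and shows what an AddDefaultCharset-style fix changes. The sample responses are constructed.

```python
"""Audit HTTP response heads for text/* bodies served without an explicit
charset (RFC 2616 section 3.7.1) and apply an AddDefaultCharset-style fix.
The sample responses at the bottom are constructed for this example."""
import re
from typing import Dict, List, Optional, Tuple

# Matches the charset parameter of a Content-Type value, quoted or not.
CHARSET_RE = re.compile(r';\s*charset\s*=\s*"?([^";\s]+)"?', re.IGNORECASE)


def parse_head(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw response into its status line and a header map.

    Header names are lower-cased; a repeated header keeps the last value.
    ISO-8859-1 is used for decoding because HTTP/1.1 header fields are
    defined over that charset."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate junk lines rather than abort the audit
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def content_type_parts(ctype: str) -> Tuple[str, Optional[str]]:
    """Return (media type, charset) from a Content-Type value; charset is
    None when the sender supplied no charset parameter."""
    media = ctype.split(";", 1)[0].strip().lower()
    match = CHARSET_RE.search(ctype)
    return media, (match.group(1).lower() if match else None)


def audit(raw: bytes) -> List[str]:
    """Return a list of findings for one response; empty means clean."""
    _, headers = parse_head(raw)
    ctype = headers.get("content-type")
    if ctype is None:
        return ["no Content-Type header: the browser will sniff the body"]
    media, charset = content_type_parts(ctype)
    if media.startswith("text/") and charset is None:
        return [f"{media} has no charset parameter: RFC 2616 makes it "
                "ISO-8859-1, but a browser that autodetects UTF-7 may not"]
    return []


def add_default_charset(raw: bytes, default: str = "ISO-8859-1") -> bytes:
    """Mimic Apache's AddDefaultCharset: append a charset parameter to any
    text/* Content-Type header that lacks one. Other headers and the body
    are passed through untouched."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    fixed = []
    for line in head.split(b"\r\n"):
        if line.lower().startswith(b"content-type:"):
            value = line.split(b":", 1)[1].strip().decode("iso-8859-1")
            media, charset = content_type_parts(value)
            if media.startswith("text/") and charset is None:
                line = f"Content-Type: {value}; charset={default}".encode("iso-8859-1")
        fixed.append(line)
    return b"\r\n".join(fixed) + sep + body


# Constructed samples: an unlabeled error page and an already-labeled one.
UNLABELED = (b"HTTP/1.1 404 Not Found\r\n"
             b"Server: Apache\r\n"
             b"Content-Type: text/html\r\n"
             b"\r\n"
             b"<html><body>Not Found</body></html>")
LABELED = (b"HTTP/1.1 200 OK\r\n"
           b"Content-Type: text/html; charset=ISO-8859-1\r\n"
           b"\r\n"
           b"<html><body>ok</body></html>")

if __name__ == "__main__":
    for name, sample in (("unlabeled", UNLABELED), ("labeled", LABELED)):
        print(name, audit(sample) or "clean")
    print(add_default_charset(UNLABELED).split(b"\r\n\r\n")[0].decode())
```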
Re: Cisco BBSM Captive Portal Cross-site Scripting
Hello,

This is the Cisco PSIRT response to an issue that was discovered and
reported to Cisco by Brad Antoniewicz from McAfee/Foundstone Professional
Services regarding a cross-site scripting (XSS) vulnerability in Cisco's
Building Broadband Service Manager (BBSM).

This vulnerability is documented in Cisco bug ID CSCso62583. The Release
Note for said bug reads as follows:

+--- BEGIN RELEASE NOTE TEXT ---

Symptom:

Some web pages belonging to the Cisco Building Broadband Service Manager
(BBSM) web-based interface are affected by a reflected cross-site
scripting (XSS) vulnerability. The vulnerability may allow an attacker to
run arbitrary web browser scripting code on the machine the user is using
to access the BBSM web interface, under the same privileges as the
logged-in user.

Conditions:

The attack requires a small amount of social engineering in order to fool
a user into following a specially crafted link, containing the malicious
code, and purporting to belong to the BBSM web interface.

Workaround:

None.

Further problem description:

Customers are recommended to install BBSM patch 5332, which is available
for download on www.cisco.com

Additional information on cross-site scripting attacks is available in
the document entitled "Cisco Applied Mitigation Bulletin: Understanding
Cross-Site Scripting (XSS) Threat Vectors", which is available at
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml

+--- END RELEASE NOTE TEXT ---

This issue has been fixed in BBSM v5.3 patch 5332.

Customers with valid service contracts can download patch 5332 from the
following URL:

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&mdfid=278455427&sftType=Building%20Broadband%20Service%20Manager%20(BBSM)%20Updates&optPlat=&nodecount=2&edesignator=null&modelName=Cisco%20Building%20Broadband%20Service%20Manager%205.3&treeMdfId=281527126&treeName=Network%20Monitoring%20and%20Management

Cisco PSIRT would like to thank Brad Antoniewicz and McAfee/Foundstone
Professional Services for bringing this issue to our attention and for
working with PSIRT toward coordinated disclosure of the issue. Cisco
PSIRT greatly appreciates the opportunity to work with researchers on
security vulnerabilities and welcomes the opportunity to review and
assist in product reports.

Thanks,

Eloy Paris.-
Cisco PSIRT
http://www.cisco.com/go/psirt/
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco Unified Presence Denial of Service
Vulnerabilities

Advisory ID: cisco-sa-20080514-cup

Revision 1.0

Summary
=======

Cisco Unified Presence contains three denial of service (DoS)
vulnerabilities that may cause an interruption in presence services.
These vulnerabilities were discovered internally by Cisco, and there are
no workarounds.

Cisco has released free software updates that address these
vulnerabilities.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml.

Affected Products
=================

Vulnerable Products
+------------------

Cisco Unified Presence versions prior to 6.0(3) are affected by the
vulnerabilities described in this advisory.

Administrators of systems running all Cisco Unified Presence versions
can determine the software version by viewing the main page of the
Cisco Unified Presence Administration interface. The software version
can be determined by running the command show version active via the
Command Line Interface (CLI).

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these
vulnerabilities.

Details
=======

Cisco Unified Presence collects information about a user's availability
status and communications capabilities. Using information captured by
Cisco Unified Presence, applications such as Cisco Unified Personal
Communicator and Cisco Unified Communications Manager can improve
productivity by helping users connect with colleagues more efficiently
by determining the most effective means for collaborative communication.

The Presence Engine service of Cisco Unified Presence version 1.0
contains two vulnerabilities that occur when a series of malformed IP
packets are received by a vulnerable Cisco Unified Presence system and
may result in a DoS condition. There are no workarounds for these
vulnerabilities. These vulnerabilities are fixed in Cisco Unified
Presence version 6.0(1). Cisco Unified Presence version 6.0(1) is the
upgrade path for Cisco Unified Presence version 1.0. The first
vulnerability is documented in CVE-2008-1158 and Cisco Bug ID
CSCsh50164. The second vulnerability is documented in CVE-2008-1740 and
Cisco Bug ID CSCsh20972.

The SIP Proxy service of Cisco Unified Presence versions 6.0(1) and
6.0(2) contains a vulnerability that occurs when a TCP port scan is
received by a vulnerable Cisco Unified Presence system and may result in
a DoS condition. There is no workaround for this vulnerability. This
vulnerability is fixed in Cisco Unified Presence version 6.0(3). This
vulnerability is documented in CVE-2008-1741 and Cisco Bug ID
CSCsj64533.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute
environmental scores to assist in determining the impact of the
vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS
at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

* CSCsh50164 - PE Service core dumps when it receives malformed packets

  CVSS Base Score - 7.8
    Access Vector           - Network
    Access Complexity       - Low
    Authentication          - None
    Confidentiality Impact  - None
    Integrity Impact        - None
    Availability Impact     - Complete

  CVSS Temporal Score - 6.4
    Exploitability          - Functional
    Remediation Level       - Official-Fix
    Report Confidence       - Confirmed

* CSCsh20972 - PE Service core dumps under stress test

  CVSS Base Score - 7.8
    Access Vector           - Network
    Access Complexity       - Low
    Authentication          - None
    Confidentiality Impact  - None
    Integrity Impact        - None
    Availability Impact     - Complete

  CVSS Temporal Score - 6.4
    Exploitability          - Functional
    Remediation Level       - Official-Fix
    Report Confidence       - Confirmed

* CSCsj64533 - SIPD service core dumps during TCP port scan

  CVSS Base Score - 7.8
    Access Vector           - Network
    Access Complexity       - Low
    Authentication          - None
    Confidentiality Impact  - None
    Integrity Impact        - None
    Availability Impact     - Complete
Cisco Security Advisory: Cisco Content Switching Module Memory Leak Vulnerability
Cisco Security Advisory: Cisco Content Switching Module Memory Leak
Vulnerability

Advisory ID: cisco-sa-20080514-csm

http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml

Revision 1.0

For Public Release 2008 May 14 1600 UTC (GMT)

Summary
=======

The Cisco Content Switching Module (CSM) and Cisco Content Switching
Module with SSL (CSM-S) contain a memory leak vulnerability that can
result in a denial of service condition. The vulnerability exists when
the CSM or CSM-S is configured for layer 7 load balancing. An attacker
can trigger this vulnerability when the CSM or CSM-S processes TCP
segments with a specific combination of TCP flags while servers behind
the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.

Cisco has released free software updates that address this
vulnerability.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml.

Affected Products
=================

Vulnerable Products
+------------------

The Cisco CSM and Cisco CSM-S are affected by the vulnerability
described in this document if they are running an affected software
version and are configured for layer 7 load balancing.

The following versions of the Cisco CSM software are affected by this
vulnerability: 4.2(3), 4.2(3a), 4.2(4), 4.2(5), 4.2(6), 4.2(7), and
4.2(8).

The following versions of the Cisco CSM-S software are also affected by
this vulnerability: 2.1(2), 2.1(3), 2.1(4), 2.1(5), 2.1(6), and 2.1(7).

To determine the software version in use by the CSM or CSM-S, log into
the supervisor of the chassis that hosts the CSM or CSM-S modules and
issue the command "show module version" (Cisco IOS) or "show version"
(Cisco CatOS). CSM modules will display as model "WS-X6066-SLB-APC",
CSM-S modules will display as model "WS-X6066-SLB-S-K9", and the
software version will be indicated next to the "Sw:" label.

Note that the output from "show module version" (for Cisco IOS) is
slightly different from the output from "show version" (for Cisco
CatOS). However, in both cases the model names will read as previously
described, and the software version will be easily identified by
looking for the "Sw:" label.

The following example shows a CSM in slot number 4 running software
version 4.2(3):

    switch>show module version
    Mod Port Model              Serial #    Versions
    --- ---- ------------------ ----------- ---------------------------
      1    3 WS-SVC-AGM-1-K9    SAD092601W5 Hw : 1.0
                                            Fw : 7.2(1)
                                            Sw : 5.0(3)
      2    6 WS-SVC-FWM-1       SAD093200X8 Hw : 3.0
                                            Fw : 7.2(1)
                                            Sw : 3.2(3)1
      3    8 WS-SVC-IDSM-2      SAD0932089Z Hw : 5.0
                                            Fw : 7.2(1)
                                            Sw : 5.1(6)E1
      4    4 WS-X6066-SLB-APC   SAD093004BD Hw : 1.7
                                            Fw :
                                            Sw : 4.2(3)
      5    2 WS-SUP720-3B       SAL0934888E Hw : 4.4
                                            Fw : 8.1(3)
                                            Sw : 12.2(18)SXF11
                                            Sw1: 8.6(0.306)R3V15
             WS-SUP720          SAL09348488 Hw : 2.3
                                            Fw : 12.2(17r)S2
                                            Sw : 12.2(18)SXF11
             WS-F6K-PFC3B       SAL0934882R Hw : 2.1

A Cisco CSM or CSM-S is configured for layer 7 load balancing if one or
more layer 7 Server Load Balancing (SLB) policies are referenced in the
configuration of a virtual server. There are six possible types of SLB
policies: "client-group", "cookie-map", "header-map", "reverse-sticky",
"sticky-group", and "url-map". Of these, the "client-group" policy type
is always a layer 4 policy. The remaining policy types are layer 7
policies and, if used, would render a device affected by the
vulnerability described in this document.

The following example shows a CSM module that is configured for layer 7
load balancing. Note the SLB policy "TEST-SPORTS-50", which uses
"url-map" and "header-map" layer 7 policies, and that is applied to the
virtual server named "WEB":

    module ContentSwitchingModule 5
    [...]
    !
     policy TEST-SPORTS-50
       url-map SPORTS
       header-map TEST
       client-group 50
       serverfarm WEBFARM2
    !
     vserver WEB
       virtual 10.20.221.100 tcp www
       serverfarm WEBFARM
       persistent rebalance
       slb-policy TEST-SPORTS-50
       inservice

Products Confirmed Not Vulnerable
+--------------------------------

Only Cisco CSM modules running indicated 4.2 versions are affected by
this vulnerability. CSM sof
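The "configured for layer 7 load balancing" test above can be automated against a saved CSM configuration. The Python below is an added example (not a Cisco tool) that parses policy and vserver blocks and reports every virtual server applying a layer 7 policy; it assumes blocks are "policy NAME" / "vserver NAME" lines followed by indented statements and ended by "!" or the next block keyword. The sample configuration reuses the advisory's snippet and adds a constructed layer 4-only policy and vserver for contrast.

```python
"""Find vservers in a CSM configuration that reference layer 7 SLB
policies, the condition that makes an affected CSM/CSM-S version
vulnerable per the advisory. Block layout assumption: 'policy NAME' and
'vserver NAME' lines open a block that runs until '!' or the next block."""
from typing import Dict, List, Set, Tuple

# Of the six SLB policy statement types, only client-group is layer 4.
LAYER7_TYPES = {"cookie-map", "header-map", "reverse-sticky",
                "sticky-group", "url-map"}
LAYER4_TYPES = {"client-group"}


def parse_csm_config(text: str) -> Tuple[Dict[str, Set[str]], Dict[str, List[str]]]:
    """Return (policies, vservers).

    policies maps a policy name to the statement keywords inside it;
    vservers maps a virtual server name to the slb-policy names it applies."""
    policies: Dict[str, Set[str]] = {}
    vservers: Dict[str, List[str]] = {}
    current = None  # ("policy" | "vserver", name) while inside a block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line.startswith("["):
            current = None  # '!' ends a block; '[...]' marks elided config
            continue
        tokens = line.split()
        if tokens[0] in ("policy", "vserver") and len(tokens) >= 2:
            current = (tokens[0], tokens[1])
            if tokens[0] == "policy":
                policies.setdefault(tokens[1], set())
            else:
                vservers.setdefault(tokens[1], [])
            continue
        if current is None:
            continue  # module header or top-level statements not modelled
        kind, name = current
        if kind == "policy":
            policies[name].add(tokens[0])
        elif tokens[0] == "slb-policy" and len(tokens) >= 2:
            vservers[name].append(tokens[1])
    return policies, vservers


def layer7_vservers(text: str) -> Dict[str, Set[str]]:
    """Map each vserver that applies at least one layer 7 policy to the
    layer 7 statement types responsible. Policies that are referenced by
    no vserver, or that contain only client-group, do not count."""
    policies, vservers = parse_csm_config(text)
    affected: Dict[str, Set[str]] = {}
    for vs, names in vservers.items():
        l7: Set[str] = set()
        for name in names:
            l7 |= policies.get(name, set()) & LAYER7_TYPES
        if l7:
            affected[vs] = l7
    return affected


# The advisory's own snippet (policy TEST-SPORTS-50 / vserver WEB) plus a
# constructed layer 4-only policy and vserver (INTERNAL-ONLY / APP).
SAMPLE_CONFIG = """\
module ContentSwitchingModule 5
[...]
!
 policy TEST-SPORTS-50
   url-map SPORTS
   header-map TEST
   client-group 50
   serverfarm WEBFARM2
!
 policy INTERNAL-ONLY
   client-group 60
   serverfarm APPFARM
!
 vserver WEB
   virtual 10.20.221.100 tcp www
   serverfarm WEBFARM
   persistent rebalance
   slb-policy TEST-SPORTS-50
   inservice
!
 vserver APP
   virtual 10.20.221.101 tcp 8080
   serverfarm APPFARM
   slb-policy INTERNAL-ONLY
   inservice
"""

if __name__ == "__main__":
    for vs, kinds in layer7_vservers(SAMPLE_CONFIG).items():
        print(f"vserver {vs}: layer 7 via {sorted(kinds)}")
```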
[ GLSA 200805-15 ] libid3tag: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200805-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libid3tag: Denial of Service
      Date: May 14, 2008
      Bugs: #210564
        ID: 200805-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability was found in libid3tag.

Background
==========

libid3tag is an ID3 tag manipulation library.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  media-libs/libid3tag      < 0.15.1b-r2                >= 0.15.1b-r2

Description
===========

Kentaro Oda reported an infinite loop in the file field.c when parsing
an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'.

Impact
======

A remote attacker could entice a user to open a specially crafted MP3
file, possibly resulting in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libid3tag users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libid3tag-0.15.1b-r2"

References
==========

  [ 1 ] CVE-2008-2109
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[USN-612-5] OpenSSH update
===========================================================
Ubuntu Security Notice USN-612-5                May 14, 2008
openssh update
https://launchpad.net/bugs/230029
http://www.ubuntu.com/usn/usn-612-2
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  openssh-client                  1:4.3p2-8ubuntu1.4
  openssh-client-udeb             1:4.3p2-8ubuntu1.4

Ubuntu 7.10:
  openssh-client                  1:4.6p1-5ubuntu0.5
  openssh-client-udeb             1:4.6p1-5ubuntu0.5

Ubuntu 8.04 LTS:
  openssh-client                  1:4.7p1-8ubuntu1.2
  openssh-client-udeb             1:4.7p1-8ubuntu1.2

After performing a standard system upgrade, users are encouraged to
re-run ssh-vulnkey on their systems.

Details follow:

Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with
options (such as "no-port-forwarding" or forced commands) were ignored
by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This
could cause some compromised keys not to be listed in ssh-vulnkey's
output. This update also adds more information to ssh-vulnkey's manual
page.

Original advisory details:

 A weakness has been discovered in the random number generator used by
 OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
 certain encryption keys are much more common than they should be, such
 that an attacker could guess the key through a brute-force attack given
 minimal knowledge of the system. This particularly affects the use of
 encryption keys in OpenSSH, OpenVPN and SSL certificates.
Updated packages for Ubuntu 7.04:
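The omission this update fixes, authorized_keys entries with an options prefix being skipped, comes down to parsing. The Python below is an added example (not the ssh-vulnkey tool) that handles the options field as sshd's AUTHORIZED_KEYS FILE FORMAT defines it, including quoted option values that contain spaces and commas, then checks each key's MD5 blob fingerprint against a blacklist set. The key blobs and the blacklist are constructed, and the hypothetical file content is embedded inline.

```python
"""Parse authorized_keys lines, including ones carrying options such as
no-port-forwarding or command="...", and report keys whose fingerprint is
blacklisted. Key blobs and the blacklist below are constructed; they are
not real keys."""
import base64
import hashlib
from typing import List, Optional, Set, Tuple

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # the key types in use when this USN shipped


def split_options(line: str) -> Tuple[str, str]:
    """Return (options, remainder). Options end at the first whitespace
    that is not inside double quotes; a backslash inside quotes escapes
    the next character, so command="echo a, b" stays one option."""
    i, in_quote = 0, False
    while i < len(line):
        ch = line[i]
        if in_quote and ch == "\\":
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            break
        i += 1
    return line[:i], line[i:].lstrip()


def parse_authorized_key(line: str) -> Optional[dict]:
    """Return {options, type, fingerprint, comment}, or None for blank,
    comment or malformed lines. fingerprint is the MD5 of the decoded key
    blob, the form ssh-keygen -l printed at the time."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, rest = "", line
    if line.split(None, 1)[0] not in KEY_TYPES:
        options, rest = split_options(line)  # an options prefix is present
    fields = rest.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return None
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return None
    return {"options": options, "type": fields[0],
            "fingerprint": hashlib.md5(blob).hexdigest(),
            "comment": fields[2] if len(fields) > 2 else ""}


def find_blacklisted(text: str, blacklist: Set[str]) -> List[dict]:
    """Every parsed key whose fingerprint is blacklisted, with or without
    options, tagged with its 1-based line number."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        key = parse_authorized_key(line)
        if key and key["fingerprint"] in blacklist:
            hits.append(dict(key, line=lineno))
    return hits


# Constructed key material: arbitrary bytes wrapped in base64, not real keys.
WEAK_BLOB = base64.b64encode(b"constructed-weak-key-blob").decode()
GOOD_BLOB = base64.b64encode(b"constructed-good-key-blob").decode()
BLACKLIST = {hashlib.md5(b"constructed-weak-key-blob").hexdigest()}

# Constructed authorized_keys content: the same weak key once plain and
# once behind an options prefix, plus an unaffected key with options.
SAMPLE_FILE = f"""\
# constructed authorized_keys
ssh-rsa {WEAK_BLOB} plain@example
no-port-forwarding,command="echo hi, there" ssh-rsa {WEAK_BLOB} restricted@example
from="10.0.0.0/8" ssh-dss {GOOD_BLOB} fine@example
"""

if __name__ == "__main__":
    for hit in find_blacklisted(SAMPLE_FILE, BLACKLIST):
        print(f"line {hit['line']}: {hit['type']} {hit['comment']} "
              f"options={hit['options']!r}")
```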
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco Unified Communications Manager Denial of
Service Vulnerabilities

Advisory ID: cisco-sa-20080514-cucmdos

Revision 1.0

Summary
=======

Cisco Unified Communications Manager, formerly Cisco CallManager,
contains multiple denial of service (DoS) vulnerabilities that may cause
an interruption in voice services, if exploited. These vulnerabilities
were discovered internally by Cisco.

The following Cisco Unified Communications Manager services are
affected:

  * Certificate Trust List (CTL) Provider
  * Certificate Authority Proxy Function (CAPF)
  * Session Initiation Protocol (SIP)
  * Simple Network Management Protocol (SNMP) Trap

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these vulnerabilities
are available.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml.

Affected Products
=================

Vulnerable Products
+------------------

These products are vulnerable:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(1)

Administrators of systems running Cisco Unified Communications Manager
version 4.x can determine the software version by navigating to Help >
About Cisco Unified CallManager and selecting the Details button via the
Cisco Unified Communications Manager Administration interface.

Administrators of systems that are running Cisco Unified Communications
Manager versions 5.x and 6.x can determine the software version by
viewing the main page of the Cisco Unified Communications Manager
Administration interface. The software version can also be determined by
running the command show version active via the command line interface
(CLI).

Products Confirmed Not Vulnerable
+--------------------------------

Cisco Unified Communications Manager Express is not affected by these
vulnerabilities. No other Cisco products are currently known to be
affected by these vulnerabilities.

Details
=======

Cisco Unified Communications Manager is the call processing component of
the Cisco IP Telephony solution that extends enterprise telephony
features and functions to packet telephony network devices, such as IP
phones, media processing devices, voice-over-IP (VoIP) gateways, and
multimedia applications.

Certificate Trust List Provider Related Vulnerabilities
+------------------------------------------------------

The Certificate Trust List (CTL) Provider service of Cisco Unified
Communications Manager version 5.x contains a memory consumption
vulnerability that occurs when a series of malformed TCP packets are
received by a vulnerable Cisco Unified Communications Manager system and
may result in a DoS condition. The CTL Provider service listens by
default on TCP port 2444 and is user configurable. The CTL Provider
service is enabled by default. There is a workaround for this
vulnerability. The vulnerability is fixed in Cisco Unified
Communications Manager version 5.1(3). The vulnerability is documented
in Cisco Bug ID CSCsj80609 and has been assigned the CVE identifier
CVE-2008-1742.

The CTL Provider service of Cisco Unified Communications Manager
versions 5.x and 6.x contains a memory consumption vulnerability that
occurs when a series of malformed TCP packets are received by a
vulnerable Cisco Unified Communications Manager system and may result in
a DoS condition. The CTL Provider service listens by default on TCP port
2444 and is user configurable. There is a workaround for this
vulnerability. The vulnerability is fixed in Cisco Unified
Communications Manager versions 5.1(3) and 6.1(1). This vulnerability is
documented in Cisco Bug ID CSCsi98433 and has been assigned the CVE
identifier CVE-2008-1743.

Certificate Authority Proxy Function Related Vulnerability
+---------------------------------------------------------

The Certificate Authority Proxy Function (CAPF) service of Cisco Unified
Communications Manager versions 4.1, 4.2 and 4.3 contains a
vulnerability when handling malformed input that may result in a DoS
condition. The CAPF service listens by default on TCP port 3804 and is
user configurable. The CAPF service is disabled by default. There is a
workaround for this vulnerability. This vulnerability is fixed in Cisco
Unified Communications Manager versions 4.1(3)SR7, 4.2(3)SR4 and 4.3(2).
This vulnerability is documented in Cisco Bug ID CSCsk46770 and has been
assigned the CVE identifier CVE-2008-1744.

SIP-Related Vulnerabilities
+--------------------------

Cisco Unified Communications Manager versions 5.x and 6.x contain a
vulnerability in the handling of malformed SIP JOIN messages that may
result in a DoS condition. SIP processing cannot be disabled in Ci
CFP: European Conference on Computer Network Defense
CALL FOR PAPERS: EC2ND 2008
European Conference on Computer Network Defense (in cooperation with ENISA)
December 11th & 12th 2008, Dublin City University, Dublin, Ireland.
http://2008.ec2nd.org/

Call for Papers

The fourth annual EC2ND conference will take place on December 11th & 12th 2008 in the Faculty of Engineering and Computing at Dublin City University. The theme of the conference is the protection of computer networks. As with past EC2ND conferences, this year's event will encourage participants from academia and industry within Europe and beyond to discuss current topics in applied network and systems security.

EC2ND 2008 invites submissions presenting novel ideas at an early stage with the intention to act as a discussion forum and feedback channel for promising, innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results.

Topics include but are not limited to:

  Intrusion Detection
  Denial-of-Service
  Privacy Protection
  Security Policies
  Peer-to-Peer and Grid Security
  Network Monitoring
  Web Security
  Vulnerability Management and Tracking
  Network Forensics
  Wireless and Mobile Security
  Cryptography
  Network Discovery and Mapping
  Incident Response and Management
  Malicious Software
  Web Services Security
  Legal and Ethical Issues

Important Dates

  Paper Submission Deadline: September 1st, 2008
  Notification of Acceptance: September 18th, 2008
  Final Paper Due: October 1st, 2008
  Conference Dates: December 11th & 12th, 2008

Organisers

Conference & General Chair
  Liam Meany, Dublin City University, Dublin, Ireland.

Programme Co-Chairs
  Dr. Sotiris Ioannidis, FORTH, Heraklion, Greece.
  Dr. Kostas Anagnostakis, Institute for Infocomm Research, Singapore.

Programme Review Committee
  Prof. Gritzalis Stefanos, University of the Aegean, Greece.
  Dr. Stefano Zanero, Milano Technical University, Milan, Italy.
  Christopher Kruegel, University of California, Santa Barbara, USA.
  Prof. Diomidis Spinellis, Athens University, Greece.
  Eric Cronin, University of Pennsylvania, Philadelphia, USA.
  Prof. George Polyzos, University of California, San Diego, USA.
  Dr. Panagiotis Trimintzios, ENISA, Heraklion, Greece.
  Sandro Etalle, Technical University of Eindhoven, Holland.
  Michalis Polychronakis, University of Crete, Greece.
  Prof. Javier Lopez, University of Malaga, Spain.
  Dr. Theo Tryfonas, University of Glamorgan, Wales, UK.
  Prof. Engin Kirda, Eurecom Graduate School, Cote d'Azur, France.
  Thorsten Holz, University of Mannheim, Germany.
  Prof. Herbert Bos, Vrije Universiteit Amsterdam, Amsterdam, Holland.
  David Brumley, Carnegie Mellon University, Pittsburgh, USA.
  Marco Cremonini, Università degli Studi di Milano, Milan.
  Dr. Ulrike Meyer, Darmstadt University of Technology, Darmstadt, Germany.
  Dr. Philippe Owezarski, National Centre for Scientific Research, Toulouse, France.
  Dr. George Danezis, ESAT, Flanders, Belgium.
  Dr. Austin Donnelly, Microsoft Research, Cambridge, UK.
  Prof. Angelos Stavrou, George Mason University, Virginia, USA.
  Dr. Sven Ubik, CESNET Research, Czech Republic.
  Cyril Onwubiko, Kingston University, London, UK.
  Dr. Mike Scott, Dublin City University, Dublin, Ireland.
  Carlos Ribeiro, IST, Lisbon, Portugal.

Steering Committee
  Prof. Evangelos Markatos, FORTH, Heraklion, Greece.
  Dr. Panagiotis Trimintzios, ENISA, Heraklion, Greece.
  Dr. Andrew J Blyth, University of Glamorgan, Wales, UK.
  Dr. Sotiris Ioannidis, FORTH, Heraklion, Greece.
  Dr. Kostas Anagnostakis, Institute for Infocomm Research, Singapore.
  Prof. Vasilios Siris, University of Crete, Greece.
  Anna Doxastaki, FORTH, Heraklion, Greece.
  Dr. Theo Tryfonas, University of Glamorgan, Wales, UK.

-- 
Best regards,
Stefano Zanero
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-4017 Fax. +39 02 2399-3411
E-mail: [EMAIL PROTECTED]
Web: http://home.dei.polimi.it/zanero/
[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
------------------------------------------------------------------------
Debian Security Advisory DSA-1576-1                 [EMAIL PROTECTED]
http://www.debian.org/security/                          Florian Weimer
May 14, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : openssh
Vulnerability  : predictable random number generator
Problem type   : remote
Debian-specific: yes
CVE Id(s)      : CVE-2008-0166

The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.

1. Install the security updates

   This update contains a dependency on the openssl update and will automatically install a corrected version of the libssl0.9.8 package, and a new package openssh-blacklist.

   Once the update is applied, weak user keys will be automatically rejected where possible (though they cannot be detected in all cases). If you are using such keys for user authentication, they will immediately stop working and will need to be replaced (see step 3).

   OpenSSH host keys can be automatically regenerated when the OpenSSH security update is applied. The update will prompt for confirmation before taking this step.

2. Update OpenSSH known_hosts files

   The regeneration of host keys will cause a warning to be displayed when connecting to the system using SSH until the host key is updated in the known_hosts file. The warning will look like this:

   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
   @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
   IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
   Someone could be eavesdropping on you right now (man-in-the-middle attack)!
   It is also possible that the RSA host key has just been changed.

   In this case, the host key has simply been changed, and you should update the relevant known_hosts file as indicated in the error message. It is recommended that you use a trustworthy channel to exchange the server key. It is found in the file /etc/ssh/ssh_host_rsa_key.pub on the server; its fingerprint can be printed using the command:

   ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

   In addition to user-specific known_hosts files, there may be a system-wide known hosts file /etc/ssh/known_hosts. This file is used both by the ssh client and by sshd for the hosts.equiv functionality. This file needs to be updated as well.

3. Check all OpenSSH user keys

   The safest course of action is to regenerate all OpenSSH user keys, except where it can be established to a high degree of certainty that the key was generated on an unaffected system.

   Check whether your key is affected by running the ssh-vulnkey tool, included in the security update. By default, ssh-vulnkey will check the standard location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity), your authorized_keys file (~/.ssh/authorized_keys and ~/.ssh/authorized_keys2), and the system's host keys (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).

   To check all your own keys, assuming they are in the standard locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):

   ssh-vulnkey

   To check all keys on your system:

   sudo ssh-vulnkey -a

   To check a key in a non-standard location:

   ssh-vulnkey /path/to/key

   If ssh-vulnkey says "Unknown (no blacklist information)", then it has no information about whether that key is affected. In this case, you can examine the modification time (mtime) of the file using "ls -l". Keys generated before September 2006 are not affected. Keep in mind that, although unlikely, backup procedures may have changed the file date back in time (or the system clock may have been incorrectly set). If in doubt, generate a new key and remove the old one from any servers.

4. Regenerate any affected user keys

   OpenSSH keys used for user authentication must be manually regenerated, including those which may have since been transferred to a different system after being generated.

   New keys can be generated using ssh-keygen, e.g.:

   $ ssh-keygen
   Generating public/private rsa key pair.
   Enter file in which to save the key (/home/user/.ssh/id_rsa):
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /home/user/.ssh/id_rsa.
   Your public key has been saved in /home/user/.ssh/id_rsa.pub.
   The key fingerprint is:
   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 [EMAIL PROTECTED]
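Steps 2 and 3 above describe what ssh-vulnkey does on your behalf: derive the fingerprint of each key, look it up in a blacklist of fingerprints known to come from the broken PRNG, and fall back to the file's modification time when no blacklist covers that key type and size. The Python below is an added example written for this page; it is not the ssh-vulnkey tool or any Debian package code. It builds two RSA public key lines from constructed parameters, computes the colon-separated MD5 fingerprint that ssh-keygen -l printed at the time, and runs the check over authorized_keys and known_hosts style input against a constructed blacklist. The key material, the host names, the three verdict strings and the flat "type bits fingerprint" blacklist layout are assumptions made for the example; the real openssh-blacklist files use a different on-disk format.

```python
import base64
import hashlib
import struct
import time

# Constructed key material (assumption, not real keys): e = 65537 and two 1024-bit
# numbers standing in for RSA moduli, enough for a lookup keyed by (type, bits).
E = 65537
N_WEAK = (1 << 1023) + 0x10001
N_GOOD = (1 << 1023) + 0x20005

def _ssh_string(b: bytes) -> bytes:
    """Length-prefixed field, as in the OpenSSH public key blob."""
    return struct.pack(">I", len(b)) + b

def _ssh_mpint(n: int) -> bytes:
    """Positive mpint: big-endian bytes, leading 0x00 when the top bit is set."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def _read_strings(blob: bytes) -> list:
    """Split a blob back into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    return fields

def build_rsa_pubkey_line(n: int, e: int, comment: str) -> str:
    """Assemble an id_rsa.pub / authorized_keys style line from RSA parameters."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

def parse_pubkey_line(line: str):
    """Return (key type, key size in bits, raw blob) for one public key line."""
    parts = line.split()
    if len(parts) < 2 or not parts[0].startswith("ssh-"):
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1])
    fields = _read_strings(blob)
    keytype = fields[0].decode()
    # ssh-rsa blobs hold type, e, n; ssh-dss blobs hold type, p, q, g, y.
    # The size is the bit length of n or p respectively (only these two types).
    bits = int.from_bytes(fields[2 if keytype == "ssh-rsa" else 1], "big").bit_length()
    return keytype, bits, blob

def fingerprint_md5(line: str) -> str:
    """Colon-separated MD5 fingerprint, the form ssh-keygen -l printed at the time."""
    hexdigest = hashlib.md5(parse_pubkey_line(line)[2]).hexdigest()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))

def load_blacklist(text: str) -> dict:
    """Parse a constructed blacklist, one 'type bits fingerprint' entry per line.
    Assumption: the real openssh-blacklist files are split per (type, bits) and
    store a truncated fingerprint; this flat layout exists only for the example."""
    table = {}
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].split()
        if entry:
            keytype, bits, fp = entry
            table.setdefault((keytype, int(bits)), set()).add(fp.replace(":", "").lower())
    return table

# 1 September 2006: the advisory's cut-off before which no key can be affected.
SEPTEMBER_2006 = time.mktime((2006, 9, 1, 0, 0, 0, 0, 0, -1))

def classify_key(line: str, blacklist: dict, mtime=None) -> str:
    """Give one of the three ssh-vulnkey style verdicts for a public key line."""
    keytype, bits, _ = parse_pubkey_line(line)
    entries = blacklist.get((keytype, bits))
    if entries is None:
        # No blacklist for this type/size: fall back to the advisory's mtime rule.
        if mtime is not None and mtime < SEPTEMBER_2006:
            return "Not affected (mtime before September 2006)"
        return "Unknown (no blacklist information)"
    fp = fingerprint_md5(line).replace(":", "")
    return "COMPROMISED" if fp in entries else "Not blacklisted"

def scan_keyfile(text: str, blacklist: dict, mtime=None) -> list:
    """Classify every key in an authorized_keys or known_hosts style file; the host
    field (known_hosts) or trailing comment (authorized_keys) becomes the label.
    authorized_keys lines with an options prefix are not handled (assumption)."""
    results = []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("ssh-"):
            label, key_line = parts[-1], raw
        else:
            label, key_line = parts[0], " ".join(parts[1:])
        results.append((label, classify_key(key_line, blacklist, mtime)))
    return results

WEAK_KEY = build_rsa_pubkey_line(N_WEAK, E, "weak@example")
GOOD_KEY = build_rsa_pubkey_line(N_GOOD, E, "good@example")
# Constructed blacklist holding only WEAK_KEY's fingerprint, and a constructed
# known_hosts file pinning both keys under made-up host names.
BLACKLIST = load_blacklist("# type bits md5\nssh-rsa 1024 %s\n" % fingerprint_md5(WEAK_KEY))
KNOWN_HOSTS = "vpn.example %s\n# pinned by hand\nbuild.example %s\n" % (
    " ".join(WEAK_KEY.split()[:2]), " ".join(GOOD_KEY.split()[:2]))

if __name__ == "__main__":
    for label, verdict in scan_keyfile(KNOWN_HOSTS, BLACKLIST):
        print("%-42s %s" % (verdict, label))
```

The lookup is keyed on (type, bits) for the same reason the real blacklists are split that way: the broken PRNG produced a separate, small set of possible keys for each key type and size, so a fingerprint can only be matched against the set for its own class. The mtime fallback is deliberately weaker than a blacklist hit, which is why the advisory tells you to regenerate when in doubt.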
[USN-612-4] ssl-cert vulnerability
===========================================================
Ubuntu Security Notice USN-612-4                May 14, 2008
ssl-cert vulnerability
CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04:
  ssl-cert                        1.0.13-0ubuntu0.7.04.1

Ubuntu 7.10:
  ssl-cert                        1.0.14-0ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  ssl-cert                        1.0.14-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated.

Original advisory details:

 A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.

 This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.

 We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems. (CVE-2008-0166)

 == Who is affected ==

 Systems which are running any of the following releases:

  * Ubuntu 7.04 (Feisty)
  * Ubuntu 7.10 (Gutsy)
  * Ubuntu 8.04 LTS (Hardy)
  * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
  * Debian 4.0 (etch) (see corresponding Debian security advisory)

 and have openssh-server installed or have been used to create an OpenSSH key or X.509 (SSL) certificate.

 All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied. This includes the automatically generated host keys used by OpenSSH, which are the basis for its server spoofing and man-in-the-middle protection.

Updated packages for Ubuntu 7.04:

  Source archives:
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.13-0ubuntu0.7.04.1.dsc
      Size/MD5:      793 109f4a29848119dfbc614e7674bada8e
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.13-0ubuntu0.7.04.1.tar.gz
      Size/MD5:    11552 b863931133919dfafe05c24e70bab9f6

  Architecture independent packages:
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.13-0ubuntu0.7.04.1_all.deb
      Size/MD5:    10378 6d5c910cb0a5ece3b7273de556193a9a

Updated packages for Ubuntu 7.10:

  Source archives:
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.14-0ubuntu0.7.10.1.dsc
      Size/MD5:      793 224c3d477485b8b47620493bd94f96d4
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.14-0ubuntu0.7.10.1.tar.gz
      Size/MD5:    14460 a9a6aef14698db961d7ebca02fa1f8ec

  Architecture independent packages:
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.14-0ubuntu0.7.10.1_all.deb
      Size/MD5:    12014 153b5c06ea0f13b3e6d080f53d06d5b5

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.14-0ubuntu2.1.dsc
      Size/MD5:      783 f97ec277d2d22408e1384c3919dd1e9b
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.14-0ubuntu2.1.tar.gz
      Size/MD5:    14726 6f4f4ceacb84709ea30f401e2a18b6ec

  Architecture independent packages:
    http://security.ubuntu.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.14-0ubuntu2.1_all.deb
      Size/MD5:    12274 2f74cb6f5207ce320ab75ae5fe537658
Malformed Acrobat Distiller 8 .joboptions
========================================================================
 Malformed Acrobat Distiller 8 .joboptions
========================================================================

 Vendor Website:
 http://www.adobe.com

 Affected Version:
 Adobe Acrobat Reader, Acrobat Professional 7, Acrobat Professional 8

 Vendor Notified   - February 2007
 Public Disclosure - May 2008
 http://www.security-assessment.com/files/advisories/2008-05-15_Acrobat_Distiller_Malformed_joboptions_File.pdf

== Overview ==

Another day, another file format bug, nothing to see here, move along..

Security-Assessment.com discovered multiple heap based overflow flaws within Acrobat Distiller 8 which under certain circumstances can be used to execute arbitrary code. The vulnerability was found within the .joboptions file type, an auto-opening PDF quality settings file used by Acrobat Distiller. Font names stored within the parameters /AlwaysEmbed and /NeverEmbed both produce a heap based overflow when a large (160+ character) font name is supplied. Acrobat 8 Professional and any other Adobe suite which contains Acrobat Distiller (acrodist.exe), such as CS3, is vulnerable to this issue.

Original Vendor Advisories:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html

== Solutions ==

Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.2, available here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849

== Credit ==

Discovered and reported to Adobe in February 2007 by Paul Craig of Security-Assessment.com - Paul.CraigSecurity-Assessment.com

== Greetings ==

Past and present Security-Assessment.com members.
The .NZ Security Scene
KiwiCon '08 (www.kiwicon.org)

== About Security-Assessment.com ==

Security-Assessment.com is New Zealand's leading team of Information security consultants specialising in providing high quality Information and Security services to clients throughout the Asia Pacific region. Our clients include some of the largest globally recognised companies in areas such as finance, telecommunications, broadcasting, legal and government. Our aim is to provide the best independent advice and a high level of technical expertise while creating long and lasting professional relationships with our clients.

Security-Assessment.com is committed to security research and development, and its team continues to identify and responsibly publish vulnerabilities in public and private software vendors' products. Members of the Security-Assessment.com R&D team are globally recognised through their release of whitepapers and presentations related to new security research.
Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability
/* Please join us to pray for the people still in the huge earthquake in eastern Sichuan, China. */

Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net

Summary:

A memory corruption vulnerability exists in Microsoft Office Publisher while it is parsing a PUB file. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.

Affected Software Versions:

Microsoft Office Publisher 2007
Microsoft Office Publisher 2003 SP3
Microsoft Office Publisher 2003 SP2
Microsoft Office Publisher 2002 SP3
Microsoft Office Publisher 2000 SP3
Microsoft Office Publisher 2007 SP1

Details:

Currently there are no details released.

Solution:

Microsoft has released an advisory for this vulnerability which is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx

CVE Information:

CVE-2008-0119

Disclosure Timeline:

2007.12.10  Vendor notified
2007.12.10  Vendor responded
2008.05.13  Coordinated public disclosure

--EOF--
[SECURITY] [DSA 1577-1] New gforge packages fix insecure temporary files
------------------------------------------------------------------------
Debian Security Advisory DSA-1577-1                 [EMAIL PROTECTED]
http://www.debian.org/security/                        Thijs Kinkhorst
May 14, 2008                          http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-0167

Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch8.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your gforge package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.dsc
    Size/MD5 checksum:      950 b920bc8243418bf618256638369bc4cd
  http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
    Size/MD5 checksum:  2161141 e85f82eff84ee073f80a2a52dd32c8a5
  http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz
    Size/MD5 checksum:   198227 d2fa0c2fcd092cca4b06fa58c852bacc

Architecture independent packages:

  http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    88632 653a57ad16301d4c56dd6258c7899bf3
  http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch8_all.deb
    Size/MD5 checksum:   704846 40d23715b91b68be2818f3cd40fcd69f
  http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    76104 b9536b17b890cb1e9c01774799a2b7a7
  http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    80300 14cb35a87fcd66ec653f2f195f1257ba
  http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    88530 949dba8de49b5294a6c1607c0e0867a9
  http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    86364 e5b31d0d6241fc49af69fa18a43ca5cb
  http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    87170 4c43a30b39c833c6459bebf65efa3ffd
  http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch8_all.deb
    Size/MD5 checksum:  1010898 6834ceb2ad8bec97dec9885f5d67a142
  http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch8_all.deb
    Size/MD5 checksum:   212528 aa2271a99ae166fda40c1dac6e866548
  http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    86070 5dc7c68b4c4d9a42809836405b85a240
  http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    89146 ca4c0ca3f759fac3419e9523ec7772a2
  http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    82106 706a78d1a7d86304890844b61988b580
  http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch8_all.deb
    Size/MD5 checksum:    95576 a2bba36bc643f1adf1950574fa38ff1d
  http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch8_all.deb
    Size/MD5 checksum:   103780 666082ac03c7edecc48fce7072890654

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
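The bug class behind DSA-1577 is worth seeing in code: a script opens a file for writing at a path a local user can predict, that user pre-creates the path as a symbolic link, and the script's write lands in whatever the link points at. The Python below is an added example for this page, not GForge's code, and does not reproduce the specific scripts the advisory refers to. It places the insecure open beside two hardened variants (O_CREAT|O_EXCL|O_NOFOLLOW for a fixed name, mkstemp when the name need not be predictable) and plays the race out in a scratch directory; the file names and the payload are constructed for the example.

```python
import os
import stat
import tempfile

def write_report_insecure(path: str, data: bytes) -> None:
    """Vulnerable pattern (illustrative, not GForge's code): a plain open() for
    writing on a predictable path follows a symlink planted there and truncates
    whatever it points at."""
    with open(path, "wb") as fh:
        fh.write(data)

def write_report_safe(path: str, data: bytes) -> None:
    """Hardened for a fixed name: create exclusively (fails if anything, a link
    included, already exists), refuse to follow a link, start with mode 0600."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def write_report_private(directory: str, data: bytes) -> str:
    """Preferred when the name need not be predictable: mkstemp picks an
    unguessable name, creates it exclusively with mode 0600 and returns the path."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="report-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def symlink_attack_demo(payload: bytes = b"attacker-controlled\n") -> tuple:
    """Play out the race in a scratch directory, with the attacker's link already
    in place when the script writes. Returns the victim file's contents after the
    insecure write and whether the hardened writer refused the planted link."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim.conf")     # any file the script's owner may write
        with open(victim, "wb") as fh:
            fh.write(b"original\n")
        link = os.path.join(tmp, "predictable.out")   # the name the script is known to use
        os.symlink(victim, link)                       # attacker plants the link first
        write_report_insecure(link, payload)
        with open(victim, "rb") as fh:
            clobbered = fh.read()
        try:
            write_report_safe(link, payload)
            refused = False
        except OSError:        # EEXIST from O_EXCL (or ELOOP from O_NOFOLLOW)
            refused = True
        return clobbered, refused

def safe_write_demo(payload: bytes = b"report\n") -> tuple:
    """Exercise both hardened writers on a clean directory. Returns the permission
    bits of the mkstemp file and the bytes stored by the O_EXCL writer."""
    with tempfile.TemporaryDirectory() as tmp:
        private = write_report_private(tmp, payload)
        mode = stat.S_IMODE(os.stat(private).st_mode)
        fixed = os.path.join(tmp, "report.out")
        write_report_safe(fixed, payload)
        with open(fixed, "rb") as fh:
            stored = fh.read()
        return mode, stored

if __name__ == "__main__":
    print("victim contents after insecure write, hardened writer refused:", symlink_attack_demo())
    print("mkstemp file mode, bytes stored by O_EXCL writer:", safe_write_demo())
```

The O_EXCL variant is the right fix only when the script genuinely needs a fixed name and can tolerate failing when the file already exists; when it merely needs scratch space, mkstemp removes the predictability the attack depends on, which is the usual fix for an "insecure temporary files" finding.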