[security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

2009-04-07 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01696729
Version: 3

HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), 
Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2009-03-23
Last Updated: 2009-04-06

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP OpenView Network Node 
Manager (OV NNM). The vulnerabilities could be exploited remotely to execute 
arbitrary code.

References: CVE-2009-0920, CVE-2009-0921

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, 
Linux, Solaris, and Windows

BACKGROUND

CVSS 2.0 Base Metrics 
===
Reference Base Vector   Base Score 
CVE-2009-0920 (AV:N/AC:L/Au:N/C:P/I:P/A:N)  6.4
CVE-2009-0921 (AV:N/AC:L/Au:N/C:P/I:P/A:N)  6.4
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.

The Hewlett-Packard Company thanks Oren Isacson of Core Security Technologies 
for reporting these vulnerabilities to security-al...@hp.com.

RESOLUTION

HP has made archive files available to resolve the vulnerabilities. The archive 
files are listed in the tables below. The tables also list required patches. 
The patches ensure that NNM is compatible with the software files in the 
archive.

The patches are available from http://support.openview.hp.com/selfsolve/patches 

Note: The patches are not available from the HP IT Resource Center (ITRC). 

The archive files are available from: 
ftp://ss090008:ss090...@hprc.external.hp.com/ 

Note: Archive files are now available for NNM v7.53 with Intermediate Patch 22. 
The archives listed in rev.1 of this Security Bulletin are valid for NNM v7.53 
with Intermediate Patch 21 and NNM v7.01 with Intermediate Patch 12. There is 
no need to install new archives if the archives listed in rev.1 have already 
been installed. 

Note: SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar contains the files for 
Windows. These files were inadvertently omitted from 
SSRT090008.QCCR1B26779.753_IP22.hotfix.tar. The files for HP-UX, Linux, and 
Solaris are the same in both archives. 

To install the archive files:

1. Install the required patch listed below 
2. Uncompress the appropriate archive 
   (SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar.gz, 
    SSRT090008.QCCR1B26779.753_IP21.hotfix.tar.gz, 
    SSRT090008.QCCR1B26779.701_IP12.hotfix.tar.gz) 
3. Unpack the appropriate archive 
   (SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar, 
    SSRT090008.QCCR1B26779.753_IP21.hotfix.tar, 
    SSRT090008.QCCR1B26779.701_IP12.hotfix.tar) 
4. ovstop -c 
5. Follow the instructions in the README.txt file 
6. ovstart -c 

OV NNM v7.53 with Intermediate Patch 22
===
Operating System        Required Patch  Archive File                                     Archive File MD5 Sum
HP-UX (IA)              PHSS_39246      SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar  67f6631e8af8a0791d79fe017d0a9b49
HP-UX (PA)              PHSS_39245      SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar  67f6631e8af8a0791d79fe017d0a9b49
Linux RedHatAS2.1       LXOV_00093      SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar  67f6631e8af8a0791d79fe017d0a9b49
Linux RedHat4AS-x86_64  LXOV_00094      SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar  67f6631e8af8a0791d79fe017d0a9b49
Solaris                 PSOV_03519      SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar  67f6631e8af8a0791d79fe017d0a9b49
Windows                 NNM_01197       SSRT090008.QCCR1B26779.753_IP22_rev1.hotfix.tar  67f6631e8af8a0791d79fe017d0a9b49
===


OV NNM v7.53 with Intermediate Patch 21
===
Operating System        Required Patch  Archive File                                Archive File MD5 Sum
HP-UX (IA)              PHSS_38783      SSRT090008.QCCR1B26779.753_IP21.hotfix.tar  8001b070bd8bfb41ad1cd8f8be248e55
HP-UX (PA)              PHSS_38782      SSRT090008.QCCR1B26779.753_IP21.hotfix.tar  8001b070bd8bfb41ad1cd8f8be248e55
Linux RedHatAS2.1       LXOV_00089      SSRT090008.QCCR1B26779.753_IP21.hotfix.tar  8001b070bd8bfb41ad1cd8f8be248e55
Linux RedHat4AS-x86_64  LXOV_00090      SSRT090008.QCCR1B26779.753_IP21.hotfix.tar  8001b070bd8bfb41ad1cd8f8be248e55
Solaris                 PSOV_03517      SSRT090008.QCCR1B26779.753_IP21.hotfix.tar  8001b070bd8bfb41ad1cd8f8be248e55
Windows                 NNM_01195       SSRT090008.QCCR1B26779.753_IP21.hotfix.tar  8001b070bd8bfb41ad1cd8f8be248e55
===


OV NNM v7.51 
=== 
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above. Patch 
bundles for upgrading from NNM v7.51 to NNM v7.53 are available here: 
ftp://nnm_753:upd...@hprc.external.hp.com/ 

OV NNM v7.01 with Intermediate Patch 12
===  
Operatin

TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow

2009-04-07 Thread dvlabs
TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-02
April 6, 2009

-- CVE ID:
CVE-2009-0910

-- Affected Vendors:
VMWare, Inc.

-- Affected Products:
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of multiple VMWare products. User interaction
is required in that a user must visit a malicious web page or open a
malicious video file.

Upon installation VMWare Workstation, Server, Player, and ACE register
vmnc.dll as a video codec driver to handle compression and decompression
of the fourCC type 'VMnc'. This format is used primarily by Workstation
to capture remote framebuffer recordings of sessions within a virtual
machine. The resulting video is stored within an AVI container file.
While playing back such files the function responsible for handling
ICM_DECOMPRESS driver messages implicitly trusts a size value while
decompressing a frame. Specifically, the dwSize element within an
Open-DML standard index RIFF chunk is used as an argument to a memcpy
into a static heap buffer. This can be leveraged to execute arbitrary
code on the host system under the context of the current user.

-- Vendor Response:
VMWare, Inc. has issued an update to correct this vulnerability. More
details can be found at:

http://www.vmware.com/security/advisories/VMSA-2009-0005.html

-- Disclosure Timeline:
2009-02-16 - Vulnerability reported to vendor
2009-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Aaron Portnoy, TippingPoint DVLabs
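The advisory's point is a size field read straight from the container and handed to memcpy without a bound. The following is an added example written for this digest, not VMware's vmnc.dll code: a reader for an Open-DML index chunk that validates dwSize against both the bytes remaining in the input and the capacity of the fixed destination buffer before copying. The 8-byte FourCC-plus-size header is the standard RIFF layout; the 16-byte buffer capacity, the 'ix00' FourCC and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed constant: capacity of the fixed decoder buffer (not a real vmnc.dll value). */
#define INDEX_BUF_CAP 16

/* RIFF chunk header: 4-byte FourCC followed by a 32-bit little-endian size. */
#define RIFF_HDR_LEN 8

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Hardened reader. Returns the number of payload bytes copied into dst,
 * or -1 if the chunk is malformed. The memcpy length is bounded by both
 * the input actually present and the destination capacity, so dwSize
 * alone can never decide how much is written.
 */
int read_index_chunk(const uint8_t *in, size_t in_len,
                     uint8_t *dst, size_t dst_cap)
{
    if (in_len < RIFF_HDR_LEN)
        return -1;                        /* truncated header */

    uint32_t dw_size = rd_le32(in + 4);   /* the untrusted dwSize field */

    /* dwSize must fit inside what the file actually contains ... */
    if (dw_size > in_len - RIFF_HDR_LEN)
        return -1;
    /* ... and inside the buffer we are about to fill. */
    if (dw_size > dst_cap)
        return -1;

    memcpy(dst, in + RIFF_HDR_LEN, dw_size);
    return (int)dw_size;
}

/* Constructed sample: an 'ix00' chunk whose header claims 0x7FFFFFF0 bytes
 * but is followed by only 4 bytes of payload. */
static const uint8_t OVERSIZED_CHUNK[] = {
    'i','x','0','0',  0xF0,0xFF,0xFF,0x7F,  0xDE,0xAD,0xBE,0xEF
};

/* Constructed sample: the same chunk with a truthful 4-byte size. */
static const uint8_t WELLFORMED_CHUNK[] = {
    'i','x','0','0',  0x04,0x00,0x00,0x00,  0xDE,0xAD,0xBE,0xEF
};

/* Returns 1 if the reader rejects the oversized chunk and copies the good one. */
int demo_index_chunk_check(void)
{
    uint8_t buf[INDEX_BUF_CAP];
    int bad = read_index_chunk(OVERSIZED_CHUNK, sizeof OVERSIZED_CHUNK, buf, sizeof buf);
    int ok  = read_index_chunk(WELLFORMED_CHUNK, sizeof WELLFORMED_CHUNK, buf, sizeof buf);
    return bad == -1 && ok == 4 && buf[0] == 0xDE && buf[3] == 0xEF;
}

int main(void)
{
    printf("index chunk check %s\n", demo_index_chunk_check() ? "ok" : "FAILED");
    return 0;
}
```

The two comparisons are deliberately separate: a chunk can be consistent with the file yet larger than the decoder's buffer, and a chunk can fit the buffer yet claim more bytes than the file holds. Either case must fail closed.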



ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability

2009-04-07 Thread ZDI Disclosures
ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer
Dereference Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-016
April 6, 2009

-- Affected Vendors:
Novell

-- Affected Products:
Novell Netware

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell Netware. A valid IPC$ connection must
be established in order to exploit this vulnerability.

The specific flaw exists within xtagent.exe during the handling of RPC
messages over the XTIERRPCPIPE named pipe. Insufficient sanity checking
allows remote attackers to dereference an arbitrary pointer which can be
leveraged to execute code under the context of the system user.

-- Vendor Response:
Novell has issued an update to correct this vulnerability. More
details can be found at:

http://download.novell.com/Download?buildid=6ERQGPjRZ8o~

-- Disclosure Timeline:
2008-10-15 - Vulnerability reported to vendor
2009-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ruben Santamarta

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/



[ GLSA 200904-07 ] Xpdf: Untrusted search path

2009-04-07 Thread Robert Buchholz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200904-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xpdf: Untrusted search path
      Date: April 07, 2009
      Bugs: #242930
        ID: 200904-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Xpdf might allow local attackers to execute
arbitrary code.

Background
==========

Xpdf is a PDF file viewer that runs under the X Window System.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-text/xpdf         < 3.02-r2                        >= 3.02-r2

Description
===========

Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc"
file from the current working directory if it cannot find a ".xpdfrc"
file in the user's home directory. This is caused by a missing
definition of the SYSTEM_XPDFRC macro when compiling a repackaged
version of Xpdf.

Impact
======

A local attacker could entice a user to run "xpdf" from a directory
containing a specially crafted "xpdfrc" file, resulting in the
execution of arbitrary code when attempting to, e.g., print a file.

Workaround
==========

Do not run Xpdf from untrusted working directories.

Resolution
==========

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.02-r2"

References
==========

  [ 1 ] CVE-2009-1144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1144

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




[ GLSA 200904-08 ] OpenSSL: Denial of Service

2009-04-07 Thread Robert Buchholz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200904-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSL: Denial of Service
      Date: April 07, 2009
      Bugs: #263751
        ID: 200904-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An error in OpenSSL might allow for a Denial of Service when printing
certificate details.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl       < 0.9.8k                         >= 0.9.8k

Description
===========

The ASN1_STRING_print_ex() function does not properly check the
provided length of a BMPString or UniversalString, leading to an
invalid memory access.

Impact
======

A remote attacker could entice a user or automated system to print a
specially crafted certificate, possibly leading to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8k"

References
==========

  [ 1 ] CVE-2009-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
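The check the advisory says was missing is that a BMPString (UCS-2) or UniversalString (UCS-4) body must be a whole number of characters long before it is walked in 2- or 4-byte steps. The following is an added example, not OpenSSL's ASN1_STRING_print_ex() code: a decoder that refuses a length which is not a multiple of the character width instead of reading past the end of the buffer. The byte strings are constructed DER-style contents, not taken from any real certificate.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Character widths of the two ASN.1 string types named in the advisory. */
#define CHARWIDTH_BMPSTRING        2   /* UCS-2, big-endian */
#define CHARWIDTH_UNIVERSALSTRING  4   /* UCS-4, big-endian */

/*
 * Decode the code points of a BMPString or UniversalString into out[].
 * Returns the number of characters, or -1 when the width is unsupported,
 * the length is not a whole number of characters, or out[] is too small.
 * A printer that skips the modulus check and loops in fixed-size units
 * reads charwidth - (len % charwidth) bytes beyond the buffer on the last
 * step; that is the invalid memory access the advisory describes.
 */
int decode_wide_string(const uint8_t *buf, size_t len, int charwidth,
                       uint32_t *out, size_t out_cap)
{
    if (charwidth != CHARWIDTH_BMPSTRING && charwidth != CHARWIDTH_UNIVERSALSTRING)
        return -1;
    if (len % (size_t)charwidth != 0)
        return -1;                          /* the missing length check */

    size_t n = len / (size_t)charwidth;
    if (n > out_cap)
        return -1;

    for (size_t i = 0; i < n; i++) {
        const uint8_t *p = buf + i * (size_t)charwidth;
        uint32_t cp = 0;
        for (int k = 0; k < charwidth; k++)
            cp = (cp << 8) | p[k];          /* big-endian, as DER encodes it */
        out[i] = cp;
    }
    return (int)n;
}

/* Constructed contents: "Hi" as a BMPString (4 bytes), and the same two
 * characters followed by a stray byte (5 bytes, not a multiple of 2). */
static const uint8_t BMP_OK[]  = { 0x00,'H', 0x00,'i' };
static const uint8_t BMP_ODD[] = { 0x00,'H', 0x00,'i', 0x00 };

/* Constructed contents: "A" as a UniversalString (4 bytes), and a 6-byte
 * body that is not a multiple of 4. */
static const uint8_t UNIV_OK[]  = { 0x00,0x00,0x00,'A' };
static const uint8_t UNIV_BAD[] = { 0x00,0x00,0x00,'A', 0x00,0x00 };

/* Returns 1 when well-formed strings decode and ragged lengths are refused. */
int demo_wide_string_check(void)
{
    uint32_t cps[8];
    int a = decode_wide_string(BMP_OK,   sizeof BMP_OK,   CHARWIDTH_BMPSTRING,       cps, 8);
    int a_ok = (a == 2 && cps[0] == 'H' && cps[1] == 'i');
    int b = decode_wide_string(BMP_ODD,  sizeof BMP_ODD,  CHARWIDTH_BMPSTRING,       cps, 8);
    int c = decode_wide_string(UNIV_OK,  sizeof UNIV_OK,  CHARWIDTH_UNIVERSALSTRING, cps, 8);
    int c_ok = (c == 1 && cps[0] == 'A');
    int d = decode_wide_string(UNIV_BAD, sizeof UNIV_BAD, CHARWIDTH_UNIVERSALSTRING, cps, 8);
    return a_ok && b == -1 && c_ok && d == -1;
}

int main(void)
{
    printf("wide string check %s\n", demo_wide_string_check() ? "ok" : "FAILED");
    return 0;
}
```

The same shape of check applies to any fixed-width encoding read from a certificate or other attacker-supplied DER: validate that the announced length divides evenly by the unit size before the loop, not inside it.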




Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow

2009-04-07 Thread Secunia Research
== 

 Secunia Research 07/04/2009

  - IrfanView Formats Plug-in XPM Parsing Integer Overflow -

== 
Table of Contents

Affected Software...................................................1
Severity............................................................2
Vendor's Description of Software....................................3
Description of Vulnerability........................................4
Solution............................................................5
Time Table..........................................................6
Credits.............................................................7
References..........................................................8
About Secunia.......................................................9
Verification.......................................................10

== 
1) Affected Software 

* IrfanView Formats Plug-in 4.22

NOTE: Other versions may also be affected.

== 
2) Severity 

Rating: Highly critical
Impact: System access
Where:  From remote

== 
3) Vendor's Description of Software 

"IrfanView is a very fast, small, compact and innovative FREEWARE
(for non-commercial use) graphic viewer.".

Product Link: http://www.irfanview.com/plugins.htm

== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in IrfanView's
Formats plug-in, which can be exploited by malicious people to
compromise a user's system.

The vulnerability is caused due to an integer overflow when processing
XPM files with certain dimensions. This can be exploited to cause a 
heap-based buffer overflow by e.g. tricking a user into opening a 
specially crafted XPM file.

== 
5) Solution 

Update to version 4.23.

== 
6) Time Table 

31/03/2009 - Vendor notified.
01/04/2009 - Vendor response.
06/04/2009 - Vendor issues fixed version.
07/04/2009 - Public disclosure.

== 
7) Credits 

Discovered by Stefan Cornelius, Secunia Research.

== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2009-0197 for the vulnerability.

== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-20/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==
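An integer overflow "when processing XPM files with certain dimensions" is the classic width x height x bytes-per-pixel wrap: the wrapped product sizes the heap allocation while the original dimensions drive the writes into it. This is an added example, not IrfanView's plug-in code. The constants BYTES_PER_PIXEL and MAX_DIM are constructed assumptions (the page does not state the plug-in's pixel format or limits); xpm_buffer_size() shows the overflow-checked computation, and xpm_naive_size32() the unchecked 32-bit arithmetic it replaces.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed decoder parameters: 4 bytes per decoded pixel and a sanity
 * cap on either image dimension. */
#define BYTES_PER_PIXEL 4u
#define MAX_DIM         32768u

/*
 * Validate width and height taken from the XPM "<Values>" line and compute
 * width * height * BYTES_PER_PIXEL in size_t without wrapping.
 * Returns 1 and stores the size on success; returns 0 and leaves *out
 * untouched when a dimension is zero, exceeds MAX_DIM, or the product
 * would overflow size_t.
 */
int xpm_buffer_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return 0;
    /* Check each multiplication before performing it. */
    if ((size_t)width > SIZE_MAX / (size_t)height)
        return 0;
    size_t pixels = (size_t)width * (size_t)height;
    if (pixels > SIZE_MAX / BYTES_PER_PIXEL)
        return 0;
    *out = pixels * BYTES_PER_PIXEL;
    return 1;
}

/* Allocate the pixel buffer only for a validated size; NULL otherwise, so a
 * wrapped or oversized request never becomes an undersized heap block. */
uint8_t *xpm_alloc_pixels(uint32_t width, uint32_t height, size_t *out_size)
{
    size_t need;
    if (!xpm_buffer_size(width, height, &need))
        return NULL;
    *out_size = need;
    return (uint8_t *)malloc(need);
}

/* The unchecked 32-bit arithmetic implied by the advisory: the product
 * silently wraps, and a row loop driven by the original width and height
 * then writes past the too-small allocation. */
uint32_t xpm_naive_size32(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;   /* wraps modulo 2^32 */
}

/* Returns 1 when the checked path accepts a normal image and refuses the
 * dimensions that wrap the naive computation to zero. */
int demo_xpm_size_check(void)
{
    size_t good = 0, bad = 0;
    /* Constructed normal header: 640 x 480. */
    int ok = xpm_buffer_size(640, 480, &good);
    /* Constructed hostile header: 65536 x 65536 wraps 32-bit math to 0. */
    uint32_t wrapped = xpm_naive_size32(0x10000u, 0x10000u);
    int rej = xpm_buffer_size(0x10000u, 0x10000u, &bad);
    return ok == 1 && good == 640u * 480u * BYTES_PER_PIXEL
        && wrapped == 0 && rej == 0 && bad == 0;
}

int main(void)
{
    size_t n = 0;
    uint8_t *px = xpm_alloc_pixels(640, 480, &n);
    printf("640x480 -> %zu bytes, checks %s\n", n,
           demo_xpm_size_check() ? "ok" : "FAILED");
    free(px);
    return 0;
}
```

The dimension cap matters as much as the overflow test: on a 64-bit host 65536 x 65536 x 4 does not overflow size_t, so without MAX_DIM the decoder would simply attempt a 16 GiB allocation.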


TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow

2009-04-07 Thread dvlabs
TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-01
April 6, 2009

-- CVE ID:
CVE-2009-0909

-- Affected Vendors:
VMWare, Inc.

-- Affected Products:
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of multiple VMWare products. User interaction
is required in that a user must visit a malicious web page or open a
malicious video file.

Upon installation VMWare Workstation, Server, Player, and ACE register
vmnc.dll as a video codec driver to handle compression and decompression
of the fourCC type 'VMnc'. This format is used primarily by Workstation
to capture remote framebuffer recordings of sessions within a virtual
machine. The resulting video is essentially a recorded session of VNC's
RFB protocol. In VMWare's implementation the stream consists solely of
FrameBufferUpdate messages (message type 0). However, if the message
type of one of these blocks is changed to any value greater than 0x03 a
size assumption is made which results in faulty math being applied to a
pointer used later in a memcpy.  This can be leveraged to execute
arbitrary code on the host system under the context of the current user.

-- Vendor Response:
VMWare, Inc. has issued an update to correct this vulnerability. More
details can be found at:

http://www.vmware.com/security/advisories/VMSA-2009-0005.html

-- Disclosure Timeline:
2009-02-13 - Vulnerability reported to vendor
2009-04-06 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Aaron Portnoy, TippingPoint DVLabs
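The flaw above is a decoder that applies a default size to a message type it does not recognise. The following is an added example, not VMware's code: a header parser for the four RFB server-to-client message types (0 to 3, with header layouts as given in RFC 6143) that assigns each known type an explicit header length and refuses anything else rather than guessing. The sample byte sequences are constructed, not taken from a real recording.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RFB server-to-client message types (RFC 6143, section 7.6). */
enum {
    RFB_FRAMEBUFFER_UPDATE = 0,
    RFB_SET_COLOUR_MAP     = 1,
    RFB_BELL               = 2,
    RFB_SERVER_CUT_TEXT    = 3
};

/* Result of parsing one message header from a recorded stream. */
typedef struct {
    int      type;         /* message type, or -1 when rejected */
    size_t   header_len;   /* bytes occupied by the fixed-size header */
    uint32_t payload_len;  /* variable-length payload announced by the header */
} rfb_msg_t;

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint16_t rd_be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/*
 * Parse one message header. Every known type has an explicit size; a type
 * outside 0..3 is rejected instead of being sized by a default branch,
 * which is the assumption the advisory says the decoder got wrong.
 * Returns 0 on success, -1 on an unknown type or a truncated header.
 */
int rfb_parse_header(const uint8_t *buf, size_t len, rfb_msg_t *out)
{
    memset(out, 0, sizeof *out);
    out->type = -1;
    if (len < 1)
        return -1;

    switch (buf[0]) {
    case RFB_FRAMEBUFFER_UPDATE:      /* type, pad, u16 number-of-rectangles */
        if (len < 4) return -1;
        out->header_len  = 4;
        out->payload_len = 0;         /* rectangles follow, each self-describing */
        break;
    case RFB_SET_COLOUR_MAP:          /* type, pad, u16 first-colour, u16 n-colours */
        if (len < 6) return -1;
        out->header_len  = 6;
        out->payload_len = (uint32_t)rd_be16(buf + 4) * 6u;   /* 3 x u16 per colour */
        break;
    case RFB_BELL:                    /* type only */
        out->header_len  = 1;
        out->payload_len = 0;
        break;
    case RFB_SERVER_CUT_TEXT:         /* type, 3 pad, u32 text length */
        if (len < 8) return -1;
        out->header_len  = 8;
        out->payload_len = rd_be32(buf + 4);
        break;
    default:
        return -1;                    /* unknown type: stop, do not guess a size */
    }
    out->type = buf[0];
    return 0;
}

/* Constructed sample messages (not captured from any real recording). */
static const uint8_t SAMPLE_UPDATE[]   = { 0x00, 0x00, 0x00, 0x01 };               /* 1 rectangle */
static const uint8_t SAMPLE_CUT_TEXT[] = { 0x03, 0, 0, 0, 0x00, 0x00, 0x00, 0x05 }; /* 5 text bytes */
static const uint8_t SAMPLE_BOGUS[]    = { 0x7F, 0, 0, 0, 0, 0, 0, 0 };             /* type > 3 */

/* Returns 1 if the valid types parse and the out-of-range type is refused. */
int demo_rfb_type_check(void)
{
    rfb_msg_t m;
    int a = rfb_parse_header(SAMPLE_UPDATE, sizeof SAMPLE_UPDATE, &m);
    int a_ok = (a == 0 && m.type == RFB_FRAMEBUFFER_UPDATE && m.header_len == 4);
    int b = rfb_parse_header(SAMPLE_CUT_TEXT, sizeof SAMPLE_CUT_TEXT, &m);
    int b_ok = (b == 0 && m.type == RFB_SERVER_CUT_TEXT && m.payload_len == 5);
    int c = rfb_parse_header(SAMPLE_BOGUS, sizeof SAMPLE_BOGUS, &m);
    int c_ok = (c == -1 && m.type == -1);
    return a_ok && b_ok && c_ok;
}

int main(void)
{
    printf("rfb type check %s\n", demo_rfb_type_check() ? "ok" : "FAILED");
    return 0;
}
```

The payload_len the parser reports is still untrusted; the caller must bound it against the bytes remaining in the stream before any copy, exactly as with the dwSize field in TPTI-09-02.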



[security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access

2009-04-07 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01690019
Version: 1

HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege 
Escalation, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2009-04-06
Last Updated: 2009-04-06

Potential Security Impact: Local privilege escalation, local unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running PAM 
Kerberos. The vulnerability could be exploited locally to create a privilege 
escalation or to allow an unauthorized access.

References: CVE-2009-0360, CVE-2009-0361

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running PAM Kerberos

BACKGROUND

CVSS 2.0 Base Metrics 
===
Reference Base Vector   Base Score 
CVE-2009-0360 (AV:L/AC:H/Au:N/C:C/I:C/A:C)  6.2
CVE-2009-0361 (AV:L/AC:L/Au:N/C:P/I:P/A:P)   4.6
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.

RESOLUTION

HP has provided the following upgrades to resolve this vulnerability. 
The patches are available from the following location: 

URL: http://software.hp.com 

HP-UX Release     PAM Kerberos depot name
B.11.11 (11i v1)  PAMKerberos_B.11.11.16_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2)  PAMKerberos_C.01.25_HP-UX_B.11.23_IA_PA.depot
B.11.31 (11i v3)  PAMKerberos_D.01.25_HP-UX_B.11.31_IA_PA.depot

MANUAL ACTIONS: Yes - Update 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application 
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins 
issued by HP and lists recommended actions that may apply to a specific HP-UX 
system. It can also download patches and create a depot automatically. For more 
information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant. 

AFFECTED VERSIONS 

HP-UX B.11.11 
== 
KRBS-Support.KRBS-SUPP-MAN 
KRBS-Support.KRBS-SUPP-NOTE 
KRBS-Support.KRBS-SUPP-RUN 
PAM-Kerberos.PAM-KRB-64SLIB 
PAM-Kerberos.PAM-KRB-DEMO 
PAM-Kerberos.PAM-KRB-MAN 
PAM-Kerberos.PAM-KRB-RUN 
PAM-Kerberos.PAM-KRB-SHLIB 
action: install revision B.11.11.16 or subsequent 
URL: http://software.hp.com 

HP-UX B.11.23 
== 
PAM-Kerberos.PAM-KRB-64SLIB 
PAM-Kerberos.PAM-KRB-DEMO 
PAM-Kerberos.PAM-KRB-I64LIB 
PAM-Kerberos.PAM-KRB-IASLIB 
PAM-Kerberos.PAM-KRB-MAN 
PAM-Kerberos.PAM-KRB-RUN 
PAM-Kerberos.PAM-KRB-SHLIB 
action: install revision C.01.25 or subsequent 
URL: http://software.hp.com 

HP-UX B.11.31 
== 
PAM-Kerberos.PAM-KRB-64SLIB 
PAM-Kerberos.PAM-KRB-DEMO 
PAM-Kerberos.PAM-KRB-I64LIB 
PAM-Kerberos.PAM-KRB-IASLIB 
PAM-Kerberos.PAM-KRB-MAN 
PAM-Kerberos.PAM-KRB-RUN 
PAM-Kerberos.PAM-KRB-SHLIB 
action: install revision D.01.25 or subsequent 
URL: http://software.hp.com 

END AFFECTED VERSIONS 

HISTORY 
Version:1 (rev.1) 6 April 2009 Initial release 

Third Party Security Patches: Third party security patches that are to be 
installed on systems running HP software products should be applied in 
accordance with the customer's patch management policy. 

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported 
product, send Email to: security-al...@hp.com 
It is strongly recommended that security related information being communicated 
to HP be encrypted using PGP, especially exploit information. 
To get the security-alert PGP key, please send an e-mail message as follows:
  To: security-al...@hp.com 
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins 
via Email: 
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
 
On the web page: ITRC security bulletins and patch sign-up 
Under Step1: your ITRC security bulletins and patches 
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems 
  - verify your operating system selections are checked and save.


To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php 
Log in on the web page: Subscriber's choice for Business: sign-in. 
On the web page: Subscriber's Choice: your profile summary - use Edit Profile 
to update appropriate sections.


To review previously published Security Bulletins visit: 
http://www.itrc.hp.com/service/cki/secBullArchive.do 


* The Software Product Category that this Security Bulletin relates to is 
represented by the 5th and 6th characters of the Bulletin number in the title: 

GN = HP General SW

POC - Sun Java System Access Manager & Identity Manager Users Enumeration

2009-04-07 Thread Marco Mella

 Sun Java System Access Manager & Identity Manager Users Enumeration


 Affected Software: Sun Java System Access Server, OpenSSO
                    Sun Java System Identity Manager

 Author: Marco Mella - marco[ dot ]mella[at]aboutsecurity[dot]net
 More information, Advisory and POC URL: http://www.aboutsecurity.net

Sun Java System Identity Manager Security Vulnerabilities
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.1.1
Sun Java System Identity Manager 8.0
 Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

Sun Java System Identity Manager
Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1
 Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1

 [Summary]

 A Security Vulnerability in Sun Java System Access Manager and Identity
Manager allows a Remote Unprivileged User to Determine the existence of
"guessed" UserIDs, facilitating brute-force attacks.


[Proof of Concept]
Simple POC for users enumeration on Access Manager and Identity Manager
available on http://www.aboutsecurity.net


[USN-753-1] PostgreSQL vulnerability

2009-04-07 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-753-1 April 07, 2009
postgresql-8.1, postgresql-8.3 vulnerability
CVE-2009-0922
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  postgresql-8.1  8.1.17-0ubuntu0.6.06.1

Ubuntu 8.04 LTS:
  postgresql-8.3  8.3.7-0ubuntu8.04.1

Ubuntu 8.10:
  postgresql-8.3  8.3.7-0ubuntu8.10.1

This update uses a new upstream release, which includes additional
bug fixes. In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

It was discovered that PostgreSQL did not properly handle encoding
conversion failures. An attacker could exploit this by sending specially
crafted requests to PostgreSQL, leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1.diff.gz
  Size/MD5:31228 71bccf2bc3a9d691fa188f17256be796

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1.dsc
  Size/MD5: 1134 27ed81130c485b3d35ac4e41c1125f83

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17.orig.tar.gz
  Size/MD5: 11476782 0cb0becc0742b0560ae560e247a61297

  Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.17-0ubuntu0.6.06.1_all.deb
  Size/MD5:  1510090 3c70135edbb89f5b1fd5b95b20331582

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   182848 45e99ca93914aeef4f55503a181ab9c6

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   374930 d3edfe3fb3d1c1fc34981980e0e42113

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   203862 ee00d25f970cccb1d4a1fef4aaf8c9cc

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   204808 f87d6e9fea0eb2cb421d89a8c43ad705

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   338742 90bb10f7ac1f603f1155e1bdd02c80ff

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   236698 037356b6c205f949afc6b33ca8e589d9

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:  3181004 9af6957744b7691cf233b5e177bafd15

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   812966 3269705fb1a0f6a2e58a5bf88eb5e8f3

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   645760 31dc149f9d3d4bd2954c8e69cabb654b

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   199708 2f9874cbf2a0f9f867d36a25e436ead6

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   193712 ffc8ac50c1b4e41c9ef150df318d6466

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   193848 0f0efbfc8b8bec11b922eb97b990ef31

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.17-0ubuntu0.6.06.1_amd64.deb
  Size/MD5:   629244 e032173db63d451a15f5d9521108234f

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.17-0ubuntu0.6.06.1_i386.deb
  Size/MD5:   181794 db6377b40682f8d10a5ef7f5cacb911a

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.17-0ubuntu0.6.06.1_i386.deb
  Size/MD5:   365256 dc654d40d08e8eb8889be4e2c94c1fb9

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.17-0ubuntu0.6.06.1_i386.deb
  Size/MD5:   201602 71a4c2ce208b2878796537a1aba7f31a

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.17-0ubuntu0.6.06.1_i386.deb
  Size/MD5:   202974 9fd582b36eaf2ad9be207ad686be3d97

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/l

[ GLSA 200904-06 ] Eye of GNOME: Untrusted search path

2009-04-07 Thread Pierre-Yves Rofes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200904-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Eye of GNOME: Untrusted search path
      Date: April 06, 2009
      Bugs: #257002
        ID: 200904-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in the Eye of GNOME might result
in the execution of arbitrary code.

Background
==========

The Eye of GNOME is the official image viewer for the GNOME Desktop
environment.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  media-gfx/eog        < 2.22.3-r3                      >= 2.22.3-r3

Description
===========

James Vega reported an untrusted search path vulnerability in the
GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability
related to CVE-2008-5983.

Impact
======

A local attacker could entice a user to run the Eye of GNOME from a
directory containing a specially crafted python module, resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==========

Do not run "eog" from untrusted working directories.

Resolution
==========

All Eye of GNOME users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"

References
==========

  [ 1 ] CVE-2008-5983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983
  [ 2 ] CVE-2008-5987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5987

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5





MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]

2009-04-07 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

MITKRB5-SA-2009-002

MIT krb5 Security Advisory 2009-002
Original release: 2009-04-07
Last update: 2009-04-07

Topic: ASN.1 decoder frees uninitialized pointer

[CVE-2009-0846]
ASN.1 GeneralizedTime decoder can free uninitialized pointer

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C

CVSSv2 Base Score:  10

Access Vector:  Network
Access Complexity:  Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact:   Complete
Availability Impact:Complete

CVSSv2 Temporal Score:  7.8

Exploitability: Proof-of-Concept
Remediation Level:  Official Fix
Report Confidence:  Confirmed

SUMMARY
===

[CVE-2009-0846]

An ASN.1 decoder can free an uninitialized pointer when decoding an
invalid encoding.  This can cause a Kerberos application to crash, or,
under theoretically possible but unlikely circumstances, execute
arbitrary malicious code.  No exploit is known to exist that would
cause arbitrary code execution.

This is an implementation vulnerability in MIT krb5, and is not a
vulnerability in the Kerberos protocol.

IMPACT
==

[CVE-2009-0846] An unauthenticated, remote attacker could cause a
Kerberos application, including the Kerberos administration daemon
(kadmind) or the KDC to crash, and possibly to execute arbitrary code.

Compromise of the KDC or kadmind can compromise the Kerberos key
database and host security on the KDC host.  (The KDC and kadmind
typically run as root.)  We believe this scenario is highly unlikely,
given the details of the vulnerability.

Third-party applications using MIT krb5 may also be vulnerable.

MITIGATING FACTORS
==

While it is theoretically possible for an attacker to execute
arbitrary code by exploiting this vulnerability, it is believed to be
more difficult than exploiting other sorts of memory management flaws
such as double-free or heap buffer overflow events.  Also, in order to
exploit this vulnerability to remotely execute code, an attacker must
ensure that the uninitialized pointer points to valid address space,
otherwise a null-dereference crash will typically occur.

Some operating systems have hardened malloc implementations that are
not susceptible to this problem.  These operating systems are still
vulnerable to a denial of service if the uninitialized pointer points
to invalid address space.
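The flaw described above is an ordering problem: a string pointer is only assigned when the buffer read succeeds, but the failure path still reaches the `free()`. The following is an added example, not MIT krb5 code, of a GeneralizedTime decoder written with the order that avoids this: the pointer starts as NULL, the read's return value is checked before the string is touched, and `free()` is reached only on paths where the allocation actually happened. The names (`asn1buf_t`, `remove_charstring`, `decode_generaltime`, the `ASN1_*` codes) are hypothetical and only mirror the shape of the advisory's patch; the sample timestamp `19940610060317Z` is the one carried in the advisory's test vector, and the epoch arithmetic is done by hand so the block needs no non-standard `timegm()`.

```c
/* Added example (not MIT krb5 code): decode a 15-byte ASN.1
 * GeneralizedTime "YYYYMMDDhhmmssZ" from a bounded buffer without ever
 * freeing a pointer that was never assigned.  All names are hypothetical. */
#include <ctype.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { ASN1_OK = 0, ASN1_BAD_LENGTH, ASN1_OVERRUN, ASN1_BAD_FORMAT, ASN1_NOMEM };

typedef struct {
    const unsigned char *next;  /* next unread byte */
    const unsigned char *end;   /* one past the last byte */
} asn1buf_t;

/* Copy `len` bytes out of the buffer into a fresh NUL-terminated string.
 * On failure *out is left untouched and an error code is returned, so the
 * caller must not read or free *out unless the result is ASN1_OK. */
static int remove_charstring(asn1buf_t *buf, size_t len, char **out)
{
    char *s;
    if ((size_t)(buf->end - buf->next) < len)
        return ASN1_OVERRUN;            /* fewer bytes remain than requested */
    s = malloc(len + 1);
    if (s == NULL)
        return ASN1_NOMEM;
    memcpy(s, buf->next, len);
    s[len] = '\0';
    buf->next += len;
    *out = s;
    return ASN1_OK;
}

/* Days since 1970-01-01 for a proleptic Gregorian date (Hinnant's algorithm). */
static int64_t days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

static int two_digits(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* `length` is the content length taken from the DER header; `val` receives
 * seconds since the Unix epoch on success. */
int decode_generaltime(asn1buf_t *buf, size_t length, int64_t *val)
{
    char *s = NULL;     /* never garbage, even if nothing below assigns it */
    int retval;

    if (length != 15) return ASN1_BAD_LENGTH;
    retval = remove_charstring(buf, 15, &s);
    if (retval) return retval;          /* nothing was allocated: do not free */

    for (int i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i])) { free(s); return ASN1_BAD_FORMAT; }
    if (s[14] != 'Z') { free(s); return ASN1_BAD_FORMAT; }

    int year = two_digits(s) * 100 + two_digits(s + 2);
    int mon = two_digits(s + 4), day = two_digits(s + 6);
    int hh = two_digits(s + 8), mm = two_digits(s + 10), ss = two_digits(s + 12);
    free(s);                            /* the only path on which s is live */
    if (mon < 1 || mon > 12 || day < 1 || day > 31 || hh > 23 || mm > 59 || ss > 60)
        return ASN1_BAD_FORMAT;
    *val = days_from_civil(year, mon, day) * 86400 + hh * 3600 + mm * 60 + ss;
    return ASN1_OK;
}

/* Convenience wrapper: `n` is how many bytes are really present,
 * `claimed_len` is what the (possibly lying) length header said. */
int decode_from_bytes(const unsigned char *bytes, size_t n, size_t claimed_len, int64_t *val)
{
    asn1buf_t b = { bytes, bytes + n };
    return decode_generaltime(&b, claimed_len, val);
}

int main(void)
{
    /* constructed input: the timestamp from the advisory's test vector */
    static const unsigned char good[] = "19940610060317Z";
    int64_t t = 0;
    int rc = decode_from_bytes(good, 15, 15, &t);
    printf("complete input:  rc=%d epoch=%" PRId64 "\n", rc, t);
    rc = decode_from_bytes(good, 10, 15, &t);   /* header claims 15, only 10 present */
    printf("truncated input: rc=%d (ASN1_OVERRUN=%d)\n", rc, ASN1_OVERRUN);
    return 0;
}
```

The truncated case is the one the advisory's patch targets: the header promises 15 bytes, the buffer holds fewer, `remove_charstring` reports `ASN1_OVERRUN`, and the decoder returns before any code that would dereference or free `s`.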

AFFECTED SOFTWARE
=

* All MIT krb5 releases

* Third-party software using the krb5 library from MIT krb5 releases

FIXES
=

* The upcoming krb5-1.7 and krb5-1.6.4 releases will contain fixes for
  this vulnerability.

* Apply the patch

diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c
index aa4be32..5f7461d 100644
- --- a/src/lib/krb5/asn.1/asn1_decode.c
+++ b/src/lib/krb5/asn.1/asn1_decode.c
@@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, 
time_t *val)
 
   if(length != 15) return ASN1_BAD_LENGTH;
   retval = asn1buf_remove_charstring(buf,15,&s);
+  if (retval) return retval;
   /* Time encoding: MMDDhhmmssZ */
   if(s[14] != 'Z') {
   free(s);
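Review bot: the added `if (retval) return retval;` after `asn1buf_remove_charstring(buf,15,&s)` closes the real gap: on a short buffer the call fails without assigning `s`, and the existing `if(s[14] != 'Z') { free(s); ... }` path then reads and frees whatever `s` happened to contain. Two follow-ups worth raising on this hunk: initialise `s` to NULL at declaration as defence in depth, so a future early exit cannot reintroduce the same class of bug, and note that the context comment `/* Time encoding: MMDDhhmmssZ */` names 11 characters while the line above enforces `length != 15`; the 15-character form `YYYYMMDDhhmmssZ` is what the check and the `s[14]` index assume, so the comment should say so. The same remove-then-free shape is likely to exist in sibling decoders in this file and deserves the same audit.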
diff --git a/src/tests/asn.1/krb5_decode_test.c 
b/src/tests/asn.1/krb5_decode_test.c
index 0ff9343..1c427d1 100644
- --- a/src/tests/asn.1/krb5_decode_test.c
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -485,6 +485,22 @@ int main(argc, argv)
 ktest_destroy_keyblock(&(ref.subkey));
 ref.seq_number = 0;
 decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 
31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 
40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+
+retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 
30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
+if (retval) {
+   com_err("krb5_decode_test", retval, "while parsing");
+   exit(1);
+}
+retval = decode_krb5_ap_rep_enc_part(&code, &var);
+if (retval != ASN1_OVERRUN) {
+   printf("ERROR: ");
+} else {
+   printf("OK: ");
+}
+printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for 
inconsistent length of timestamp)\n");
+krb5_free_data_contents(test_context, &code);
+krb5_free_ap_rep_enc_part(test_context, var);
+
 ktest_empty_ap_rep_enc_part(&ref);
   }
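Review bot: the new regression test frees `var` unconditionally after expecting `decode_krb5_ap_rep_enc_part(&code, &var)` to fail with `ASN1_OVERRUN`; if the decoder does not set `*var` on that error path, `krb5_free_ap_rep_enc_part(test_context, var)` runs on whatever `var` held before the call, which is exactly the pattern this advisory is fixing. Suggest `var = NULL;` before the decode call (and a NULL-tolerant free, or freeing only when `retval == 0`). Separately, the mismatch case only prints `ERROR: ` and keeps going; the test binary should record the failure (a counter checked at exit, or `exit(1)` as the `krb5_data_hex_parse` branch already does) so a regression is visible to the build rather than only in the log.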
   
  This patch is also available at

  http://web.mit.edu/kerberos/advisories/2009-002-patch.txt

  A PGP-signed patch is available at

  http://web.mit.edu/kerberos/advisories/2009-002-patch.txt.asc

REFERENCES
==

This announcement is posted at:

  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CVSSv2:

http://www.first.org/cvss/cvss-guide

LayerOne 2009 - Registration Open, Initial Speakers Announced

2009-04-07 Thread LayerOne Call For Papers
LayerOne
May 23-24 2009
Anaheim, CA
http://www.layerone.info

Anaheim, CA – The LayerOne computer security conference is pleased to
announce that we have released our first round of speakers in addition
to opening pre-registration for the general public. LayerOne is
currently in its 6th year of operation and this year is shaping up to
be one of our best events to date.

This year’s LayerOne event will be held over Memorial Day weekend, May
23-24 2009, at the newly renovated Anaheim Marriott. Not only have we
moved to a larger and more upscale venue, our attendees will also be
happy to know that we are walking distance from Disneyland, Downtown
Disney, as well as the newly opened Anaheim Garden Walk. In addition
to all of this, the Anaheim Marriott has extended a special room rate
of 99.00 per night. To take advantage of this room rate either mention
you are with ‘LayerOne’ when booking over the phone, or you can book
online through our website.

We have begun announcing this year’s speaking line-up with more
speakers being announced regularly. We still have a few open slots
that we need to fill, so if you are interested in speaking at this
year’s event please submit a paper via our CFP address of ‘cfp 
layerone  info’.  Our current selection of speakers covers a wide
range of interests. We will have presentations covering such topics as
Web Application Security, GnuRadio, Lockpicking Forensics, Security
Consulting, and DNSSEC. Our speakers come from a wide variety of
backgrounds and are all subject matter experts in their respective
fields.

Pre-Registration has opened for this year’s event. The
pre-registration price is 100.00USD and is available through our
website. Pre-registration is available through the end of the month,
after which you will have to register at the door on the day of the
event. The door price for this year’s event is 120.00USD.

So come on down to Anaheim, see the conference, see the local sights,
and help us celebrate 6 years of LayerOne.

-The LayerOne Staff


OSSTMM 3 Sample Released

2009-04-07 Thread Pete Herzog

Hi,

To show the progress of the OSSTMM 3 we have released a 20 page sample 
 with the ToC included. You'll see the graphics have not been put in 
nor the new cover attached and there's still some chapters missing and 
2 needing editing but this sample should give you a good idea of the 
extensive content we're working with and how far we've come since the 
Lite version was released. It's a completely new re-write from 2.0 
with a big focus on clarity for the end user. Let's just say we don't 
want it to read like stereo instructions again ;)


You can get the sample at http://www.osstmm.org.

Sincerely,
-pete.

--
Pete Herzog - Managing Director - p...@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org


MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

2009-04-07 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

MITKRB5-SA-2009-001

MIT krb5 Security Advisory 2009-001
Original release: 2009-04-07
Last update: 2009-04-07

Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder

[CVE-2009-0844]
SPNEGO implementation can read beyond buffer end

CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C/E:POC/RL:OF/RC:C

CVSSv2 Base Score:  8.5

Access Vector:  Network
Access Complexity:  Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact:   None
Availability Impact:Complete

CVSSv2 Temporal Score:  6.7

Exploitability: Proof-of-Concept
Remediation Level:  Official Fix
Report Confidence:  Confirmed

[CVE-2009-0845]
SPNEGO implementation can dereference a null pointer

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score:  7.8
CVSSv2 Temporal Score:  6.1

[CVE-2009-0847]
ASN.1 decoder incorrect length validation

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score:  7.8
CVSSv2 Temporal Score:  6.1

See DETAILS for the expanded CVSSv2 metrics for CVE-2009-0845 and
CVE-2009-0847.

SUMMARY
===

These are implementation vulnerabilities in MIT krb5, and not
vulnerabilities in the Kerberos protocol.

[CVE-2009-0844]

The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read
beyond the end of a network input buffer.  This can cause a GSS-API
application to crash by reading from invalid address space.  Under
theoretically possible but very unlikely conditions, a small
information leak may occur.  We believe that no successful exploit
exists that could induce an information leak.

[CVE-2009-0845]

The MIT krb5 implementation of the SPNEGO GSS-API mechanism can
dereference a null pointer under error conditions. This can cause a
GSS-API application to crash.  This vulnerability was previously
publicly disclosed.

[CVE-2009-0847]

MIT krb5 can perform an incorrect length check inside an ASN.1
decoder.  This only presents a problem in the PK-INIT code paths.  In
the MIT krb5 KDC or kinit program, this could lead to spurious
malloc() failures or, under some conditions, program crash.  We have
heard reports of the spurious malloc() failures, but nobody has yet
publicly made the connection to a security issue.
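Both the "read beyond the end of a network input buffer" and the "incorrect length check" entries above come down to the same defensive rule for a DER reader: a length field is attacker-controlled data and must be checked against the bytes that actually remain, at every nesting level, before anything is read or allocated on its basis. The block below is an added example (not MIT krb5 code, and not the code the advisory patches) of a DER tag-length header reader and a recursive validator written to that rule; `der_header`, `der_read_header`, `der_validate` and the `DER_*` codes are hypothetical names. The two byte strings are the well-formed and truncated `ap_rep_enc_part` encodings that MIT's advisory 2009-002 (earlier in this digest) added to its decoder test.

```c
/* Added example (not MIT krb5 code): DER tag/length parsing with every
 * length validated against the enclosing bounds.  Names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DER_OK = 0, DER_OVERRUN, DER_BAD_LENGTH, DER_INDEFINITE, DER_BAD_TAG };

typedef struct {
    unsigned char tag;             /* single-byte identifier octet */
    size_t length;                 /* content length from the header */
    const unsigned char *contents; /* first content byte */
    size_t header_len;             /* bytes consumed by tag + length */
} der_header;

/* Parse one tag-length header from `avail` bytes at `buf`.  Succeeds only if
 * the length octets themselves and the content they announce both fit. */
int der_read_header(const unsigned char *buf, size_t avail, der_header *out)
{
    size_t pos = 0, len;
    if (avail < 2) return DER_OVERRUN;                 /* need tag + one length byte */
    unsigned char tag = buf[pos++];
    if ((tag & 0x1f) == 0x1f) return DER_BAD_TAG;      /* high-tag-number form not handled */
    unsigned char lb = buf[pos++];
    if (lb < 0x80) {
        len = lb;                                      /* short form */
    } else if (lb == 0x80) {
        return DER_INDEFINITE;                         /* BER-only; never valid DER */
    } else {
        size_t nbytes = lb & 0x7f;
        if (nbytes > sizeof(size_t)) return DER_BAD_LENGTH;  /* cannot be represented */
        if (avail - pos < nbytes) return DER_OVERRUN;        /* length octets truncated */
        len = 0;
        for (size_t i = 0; i < nbytes; i++) len = (len << 8) | buf[pos++];
        /* DER requires the shortest encoding; reject padded lengths */
        if (len < 0x80 || (nbytes > 1 && len < ((size_t)1 << (8 * (nbytes - 1)))))
            return DER_BAD_LENGTH;
    }
    /* the check this class of bug omits: content must fit in what remains */
    if (len > avail - pos) return DER_OVERRUN;
    out->tag = tag;
    out->length = len;
    out->contents = buf + pos;
    out->header_len = pos;
    return DER_OK;
}

/* Walk every element in `avail` bytes, descending into constructed values
 * with the parent's content length as the child's bound.  `*nodes` is
 * incremented per element; the caller zeroes it. */
int der_validate(const unsigned char *buf, size_t avail, size_t *nodes)
{
    const unsigned char *p = buf;
    size_t left = avail;
    while (left > 0) {
        der_header h;
        int rc = der_read_header(p, left, &h);
        if (rc) return rc;
        (*nodes)++;
        if (h.tag & 0x20) {                            /* constructed: check children */
            rc = der_validate(h.contents, h.length, nodes);
            if (rc) return rc;
        }
        p = h.contents + h.length;
        left -= h.header_len + h.length;               /* cannot underflow: checked above */
    }
    return DER_OK;
}

/* Well-formed ap_rep_enc_part encoding from the advisory's decoder test. */
static const unsigned char sample_ok[] = {
    0x7B, 0x1C, 0x30, 0x1A, 0xA0, 0x11, 0x18, 0x0F, 0x31, 0x39, 0x39, 0x34, 0x30,
    0x36, 0x31, 0x30, 0x30, 0x36, 0x30, 0x33, 0x31, 0x37, 0x5A, 0xA1, 0x05, 0x02,
    0x03, 0x01, 0xE2, 0x40 };
/* Same bytes with the outer lengths shrunk to 06/04: the inner A0 11 now
 * claims 17 content bytes where only 2 remain inside its parent. */
static const unsigned char sample_truncated[] = {
    0x7B, 0x06, 0x30, 0x04, 0xA0, 0x11, 0x18, 0x0F, 0x31, 0x39, 0x39, 0x34, 0x30,
    0x36, 0x31, 0x30, 0x30, 0x36, 0x30, 0x33, 0x31, 0x37, 0x5A, 0xA1, 0x05, 0x02,
    0x03, 0x01, 0xE2, 0x40 };

int main(void)
{
    size_t n = 0;
    int rc = der_validate(sample_ok, sizeof sample_ok, &n);
    printf("well-formed: rc=%d elements=%zu\n", rc, n);
    n = 0;
    rc = der_validate(sample_truncated, sizeof sample_truncated, &n);
    printf("truncated:   rc=%d (DER_OVERRUN=%d) after %zu elements\n", rc, DER_OVERRUN, n);
    return 0;
}
```

The important design choice is that `der_validate` passes `h.length`, not the remaining input size, as the bound for a constructed value's children. With the whole-input bound the truncated sample would pass (30 bytes really are present), and the decoder would happily read the 17-byte timestamp out of the neighbouring element; with the parent's bound it is rejected at the `A0 11` header.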

IMPACT
==

[CVE-2009-0844] An unauthenticated, remote attacker could cause a
GSS-API application, including the Kerberos administration daemon
(kadmind) to crash.  Under extremely unlikely conditions, there may be
a theoretical possibility of a small information disclosure.

[CVE-2009-0845] An unauthenticated, remote attacker could cause a
GSS-API application, including the Kerberos administration daemon
(kadmind) to crash.

[CVE-2009-0847] An unauthenticated, remote attacker could cause a KDC
or kinit program to crash.

AFFECTED SOFTWARE
=

[CVE-2009-0844 CVE-2009-0845]

* kadmind in MIT releases krb5-1.5 and later

* FTP daemon in MIT releases krb5-1.5 and later

* Third-party software using the GSS-API library from MIT krb5
  releases krb5-1.5 and later

* MIT releases prior to krb5-1.5 did not contain the vulnerable code.

[CVE-2009-0847]

* The kinit program and the KDC from MIT krb5 release krb5-1.6.3.
  Prior releases contained the vulnerable code, but the vulnerability
  was masked due to operations performed by other code.

FIXES
=

* The upcoming krb5-1.7 and krb5-1.6.4 releases will contain fixes for
  these vulnerabilities.

* Apply the patch, available at

  http://web.mit.edu/kerberos/advisories/2009-001-patch.txt

  A PGP-signed patch is available at

  http://web.mit.edu/kerberos/advisories/2009-001-patch.txt.asc

REFERENCES
==

This announcement is posted at:

  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CVSSv2:

http://www.first.org/cvss/cvss-guide.html
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

CVE: CVE-2009-0844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844

CVE: CVE-2009-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845

CVE: CVE-2009-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847

CERT: VU#662091
http://www.kb.cert.org/vuls/id/662091

http://krbdev.mit.edu/rt/Ticket/Display.html?id=6402

ACKNOWLEDGMENTS
===

CVE-2009-0844 was discovered by Product Security at Apple, Inc.  We
thank Apple and Sun for suggesting improvements to the patches.

CONTACT
===

The MIT Kerberos Team security contact address is
.  When sending sensitive information,
please PGP-encrypt it using the following key:

pub   2048R/D9058C24 2009-01-26 [expires: 2010-02-01]
uid MIT Kerberos Team Security Contact 

DETAILS
===

[CVE-2009-0844]

The get_input_token() fun

[USN-754-1] ClamAV vulnerabilities

2009-04-07 Thread Jamie Strandboge
===
Ubuntu Security Notice USN-754-1 April 07, 2009
clamav vulnerabilities
https://launchpad.net/bugs/354190
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav5  0.94.dfsg.2-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ClamAV did not properly verify its input when
processing TAR archives. A remote attacker could send a specially crafted
TAR file and cause a denial of service via infinite loop.

It was discovered that ClamAV did not properly validate Portable Executable
(PE) files. A remote attacker could send a crafted PE file and cause a
denial of service (divide by zero).


Updated packages for Ubuntu 8.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2.diff.gz
  Size/MD5:   159494 569d83469ec4c0c095e086b96ff93a3e

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2.dsc
  Size/MD5: 1507 50f4ad487c539c33097493adde678bbc

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
  Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58

  Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.2_all.deb
  Size/MD5: 19497370 29b64e7342a2da826028fcd2d211c180

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.2_all.deb
  Size/MD5:  1077536 9dade9b20e2af72ab729f822a45ae620

http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.2_all.deb
  Size/MD5:   208252 185ffe0740b4452c30ff71f15f3acecd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_amd64.deb
  Size/MD5:   239812 d419a6a86bfed53b8c65de72018cf2be

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_amd64.deb
  Size/MD5:   915298 f142f24d6536475da4f2e4c61c29668f

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_amd64.deb
  Size/MD5:   255646 d059cb2af281f852f6d4631dbf23d956

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2_amd64.deb
  Size/MD5:   235798 b42f6048c8c8c0a325ffafb6adc743a8

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.2_amd64.deb
  Size/MD5:   574076 58ed72c648459676b3ca0b80bf292c72

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.2_amd64.deb
  Size/MD5:   538786 baf0e94e72890b13a55e5a85240adcdd

http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.2_amd64.deb
  Size/MD5:   232880 aae5790414af14016065fc641c5d0103

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_i386.deb
  Size/MD5:   233350 8dab9e16b38722e0915b2c0bff509d57

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_i386.deb
  Size/MD5:   849252 20380bf3aa97e511e8d5846b48cce4e3

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_i386.deb
  Size/MD5:   253896 168c66b29f99e32e310c95232a335caf

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2_i386.deb
  Size/MD5:   232884 ff274f6cfb81c7317e8dc6185e3b99e2

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.2_i386.deb
  Size/MD5:   542018 90aa265556942f7e385ff8efd1d90378

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.2_i386.deb
  Size/MD5:   524704 5a5769d3dcafc905cf2566b455a66055

http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.2_i386.deb
  Size/MD5:   229422 24ca2a59a498fcd1f0facd82a230382e

  lpia architecture (Low Power Intel Architecture):


http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_lpia.deb
  Size/MD5:   232896 a7c1b915398100aae59e78196d88993d

http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_lpia.deb
  Size/MD5:   866776 a0028dcb322e704271d64887c27298c3

http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_lpia.deb
  Size/MD5:   253922 e3eb70eb180f016131aa58b42c07d30f

http://ports.ubuntu.com/pool/mai

[SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

2009-04-07 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Vulnerability announcement:
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
mod_jk 1.2.0 to 1.2.26

Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.

Mitigation:
Upgrade to mod_jk 1.2.27 or later

Example:
See description

Credit:
This issue was discovered by the Red Hat Security Response Team

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-jk.html

The Apache Tomcat Security Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ27rAb7IeiTPGAkMRAlsDAJ9qqKPiFnh+rxaxzMZmKIFA5Q5r5QCg2N84
OzL54gpA6e272kokWjK4wZU=
=GKVO
-END PGP SIGNATURE-