Fwd: {Lostmon´s Group} Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability

2011-08-10 Thread Lostmon lords
#
Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability
Vendor URL: http://www.microsoft.com
Advisory:
http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html
Coordinated Disclosure: YES   Exploit available: Private
CVE-2011-1257 and MS11-057
#

Microsoft Internet Explorer 6, 7 and 8 is vulnerable to remote code
execution due to a race condition in the window.open JavaScript
method.

A remote attacker can compose a web page with malicious code,
and when a victim visits this malformed web document the attacker can
exploit this situation.


##
Solution
##

Microsoft has issued a bulletin with technical details about this issue
under the identifier MS11-057.

You can find more details at this link:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

Microsoft has also issued a patch to solve this vulnerability; see
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx
to update your system.


Timeline


Discovered : January 13, 2011
Vendor Notify: January 19, 2011
Vendor Response: January 19, 2011
Vendor Patch: August 9, 2011
Public Disclosure: August 9, 2011

# €nd #

Thanks to Michal Zalewski for his extraordinary mind
and knowledge; people like him should have a virtual
statue for the rest of time.

Thanks to Jack, Gerardo, Nate and all of MSRC
for their support on this issue.

Thanks to Microsoft Vulnerability Research (MSVR)
for taking an interest in this issue and for coordinating
disclosure with the other affected browsers.

Thanks to all who believe in me, including you, Estrella :**

Sincerely:
Lostmon (lost...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what moves the mind


ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability

2011-08-10 Thread ZDI Disclosures
ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution 
Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-247

August 9, 2011

-- CVE ID:
CVE-2011-1963

-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Internet Explorer 8

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11266. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page or open a malicious file.

The specific flaw exists within the part of the application that is
responsible for reloading the markup for a root document object. During
reloading of the markup, the application will dispatch a notification
whilst retaining a reference to the object in the function's context.
This can allow an event callback to tamper with the root document
object. Usage of this malformed object can then be used to achieve code
execution under the context of the application.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

-- Disclosure Timeline:
2011-05-12 - Vulnerability reported to vendor
2011-08-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi


ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability

2011-08-10 Thread ZDI Disclosures
ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code 
Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-248

August 9, 2011

-- CVE ID:
CVE-2011-1964

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Internet Explorer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11456. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page or open a malicious file.

The specific flaw exists within the part of the application that is
responsible for handling STYLE elements. By creating a STYLE element
with an invalid behavior, an attacker can force an object of invalid
type to be called, resulting in corruption of heap memory. This can be
leveraged by an attacker to achieve code execution under the context of
the application.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

-- Disclosure Timeline:
2011-05-25 - Vulnerability reported to vendor
2011-08-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Stephen Fewer of Harmony Security (www.harmonysecurity.com)



ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability

2011-08-10 Thread ZDI Disclosures
ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass 
Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-249

August 9, 2011

-- CVSS:
6.4, (AV:N/AC:L/Au:N/C:P/I:P/A:N)

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Internet Explorer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11294. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to escape Protected Mode on
vulnerable installations of Internet Explorer.

Internet Explorer Protected Mode consists of a Medium Integrity and a
Low Integrity process. The Low Integrity process is only allowed to
write to special Low Integrity locations. Files written there are marked
as Low Integrity files. When a new Internet Explorer process is launched
it checks the Integrity of the file it is launched against. If the file
is a Low Integrity file it will run the process in Low Integrity Mode.
It is however possible to give the file an even lower permission:
Untrusted. Since this does not match the check for 'Low Integrity',
Internet Explorer will run in Medium Integrity instead of Low Integrity.
This can be abused in an exploit to bypass the Protected Mode design and
thus allow an attacker to escalate their privileges.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

-- Disclosure Timeline:
2011-03-09 - Vulnerability reported to vendor
2011-08-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Stephen Fewer of Harmony Security (www.harmonysecurity.com)

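The launch check described in ZDI-11-249 above comes down to a comparison on the file's mandatory integrity label. The following is an added model of that comparison, written for this page and not taken from Internet Explorer or from the advisory: it parses a Windows mandatory-label SID string (the S-1-16-<rid> values are Windows' real integrity RIDs), shows the exact-match check the advisory describes next to a check that treats anything at or below Low as Low, and a predicate that flags the Untrusted-label escape. The function names and the SID strings used as input are this example's own.

```c
/*
 * Added model of the Protected Mode launch check ZDI-11-249 describes.
 * Not Internet Explorer's code; reconstructed from the advisory text.
 * Mandatory-label RIDs are Windows' documented values (S-1-16-<rid>).
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Windows mandatory integrity levels: the RID of the S-1-16-<rid> label SID. */
#define IL_UNTRUSTED 0x0000u
#define IL_LOW       0x1000u
#define IL_MEDIUM    0x2000u
#define IL_HIGH      0x3000u
#define IL_SYSTEM    0x4000u

/* Parse a mandatory label SID string ("S-1-16-4096") into its RID.
 * Returns -1 for anything that is not a well-formed S-1-16 SID. */
long label_rid_from_sid(const char *sid)
{
    const char *prefix = "S-1-16-";
    char *end;
    if (strncmp(sid, prefix, strlen(prefix)) != 0) return -1;
    unsigned long rid = strtoul(sid + strlen(prefix), &end, 10);
    if (*end != '\0' || rid > IL_SYSTEM) return -1;
    return (long)rid;
}

/* The check as the advisory describes it: only an exact Low label makes the
 * new process run Low. Every other label, including the *lower* Untrusted
 * level that a Low process is still allowed to assign, falls through to
 * Medium. */
uint32_t launch_level_vulnerable(uint32_t file_label)
{
    if (file_label == IL_LOW) return IL_LOW;
    return IL_MEDIUM;
}

/* Hardened form: anything at or below Low stays Low, so a file the sandbox
 * could have written can never launch a Medium process. */
uint32_t launch_level_fixed(uint32_t file_label)
{
    if (file_label <= IL_LOW) return IL_LOW;
    return IL_MEDIUM;
}

/* 1 when a file the Low sandbox could have written (label <= Low) launches
 * above Low under the given policy: the escape ZDI-11-249 describes. */
int is_protected_mode_escape(uint32_t (*policy)(uint32_t), uint32_t file_label)
{
    return file_label <= IL_LOW && policy(file_label) > IL_LOW;
}

int main(void)
{
    /* Constructed inputs: Untrusted, Low and Medium label SIDs. */
    const char *labels[] = { "S-1-16-0", "S-1-16-4096", "S-1-16-8192" };
    for (size_t i = 0; i < 3; i++) {
        long rid = label_rid_from_sid(labels[i]);
        printf("%-12s vulnerable->0x%04lx fixed->0x%04lx escape=%d\n", labels[i],
               (unsigned long)launch_level_vulnerable((uint32_t)rid),
               (unsigned long)launch_level_fixed((uint32_t)rid),
               is_protected_mode_escape(launch_level_vulnerable, (uint32_t)rid));
    }
    return 0;
}
```

The point the model makes is that the integrity check is a threshold, not an identity: a Low process can label its output Low or anything lower, so the launcher has to treat the whole range at or below its own level as untrusted rather than pattern-match one value.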


ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability

2011-08-10 Thread ZDI Disclosures
ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-250

August 9, 2011

-- CVE ID:
CVE-2011-0252 

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Quicktime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within the way Quicktime handles invalid Sample
Duration values in the Time-To-Sample atoms. This value is used in the
calculation of a loop counter. If this counter is too big it will result
in a heap overflow that can cause remote code execution under the
context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4826

-- Disclosure Timeline:
2011-04-11 - Vulnerability reported to vendor
2011-08-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Matt j00ru Jurczyk



ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability

2011-08-10 Thread ZDI Disclosures
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution 
Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-251

August 9, 2011

-- CVE ID:
CVE-2011-0250

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11218. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Quicktime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within the way Quicktime handles invalid values
in the Sync Sample Atom. Due to a signed compare instead of an unsigned
compare it is possible to corrupt the Sample Atom Table. Values from
this table are later used to populate a heap buffer and the corrupted
value causes a heap overflow. This can result in remote code execution
under the context of the current user.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4826

-- Disclosure Timeline:
2011-04-11 - Vulnerability reported to vendor
2011-08-09 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Matt j00ru Jurczyk

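Both QuickTime advisories above (ZDI-11-250 on the Time-To-Sample atom and ZDI-11-251 on the Sync Sample atom) describe a per-sample heap table being filled from attacker-controlled atom entries. The following is an added illustrative model of both flaws, written for this page; it is not Apple's decoder and the atom payloads are constructed, not taken from any file. It follows the public QuickTime atom layout (big-endian; 1-byte version, 3-byte flags, 32-bit entry count, then the table) and places, next to each checked parser, the unchecked accounting the advisories describe: the stts loop counter summed from Sample Count with no comparison against the table, and the stss signed compare that lets 0xFFFFFFFF pass as -1. Function and struct names are this example's own.

```c
/*
 * Added illustrative model of the two QuickTime atom-parsing flaws that
 * ZDI-11-250 (stts) and ZDI-11-251 (stss) describe. Reconstructed example
 * code, not Apple's decoder. Atom payloads below are constructed.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { ATOM_OK = 0, ATOM_ERR_TRUNC = -1, ATOM_ERR_RANGE = -2 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Heap tables the decoder fills; capacity is the sample count it already
 * trusts (e.g. from another atom). The flaw in both cases is writing past it. */
struct sample_tables {
    uint32_t capacity;
    uint32_t *delta;    /* one duration per sample */
    uint8_t  *is_sync;  /* 1 when the sample is a sync (key) sample */
};

/* stts as ZDI-11-250 describes it: the Sample Count of every entry is summed
 * into a loop counter that drives writes into the heap table, with no
 * comparison against the table size. Returned rather than acted on, so the
 * caller can see how far past 'capacity' the writes would go. */
uint32_t stts_loop_counter_unchecked(const uint8_t *atom, size_t len)
{
    uint32_t total = 0;
    if (len < 8) return 0;
    uint32_t n = be32(atom + 4);
    for (uint32_t i = 0; i < n && 8 + (size_t)i * 8 + 8 <= len; i++)
        total += be32(atom + 8 + (size_t)i * 8);   /* may also wrap */
    return total;
}

/* Hardened stts: entry count bounded by the atom length, running total
 * bounded by the destination before any write. */
int stts_fill_checked(const uint8_t *atom, size_t len, struct sample_tables *t)
{
    if (len < 8) return ATOM_ERR_TRUNC;
    uint32_t n = be32(atom + 4), idx = 0;
    if ((len - 8) / 8 < n) return ATOM_ERR_TRUNC;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = atom + 8 + (size_t)i * 8;
        uint32_t count = be32(e), delta = be32(e + 4);
        if (count > t->capacity - idx) return ATOM_ERR_RANGE; /* idx <= capacity holds */
        for (uint32_t k = 0; k < count; k++) t->delta[idx++] = delta;
    }
    return ATOM_OK;
}

/* stss compare as ZDI-11-251 describes it: signed, so 0xFFFFFFFF reads as -1,
 * passes the "not past the end" test and then indexes far outside the table.
 * Returns 1 when the entry would be accepted. */
int stss_entry_accepted_signed(uint32_t sample_number, uint32_t total)
{
    return (int32_t)sample_number <= (int32_t)total;
}

/* Hardened stss: unsigned compare, and the 1-based index checked before use. */
int stss_fill_checked(const uint8_t *atom, size_t len, struct sample_tables *t)
{
    if (len < 8) return ATOM_ERR_TRUNC;
    uint32_t n = be32(atom + 4);
    if ((len - 8) / 4 < n) return ATOM_ERR_TRUNC;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t s = be32(atom + 8 + (size_t)i * 4);
        if (s == 0 || s > t->capacity) return ATOM_ERR_RANGE;
        t->is_sync[s - 1] = 1;
    }
    return ATOM_OK;
}

/* Allocate tables of the given capacity, parse one atom with the checked
 * parser ('t' = stts, 's' = stss), free, and return the status. */
int parse_checked(char kind, const uint8_t *atom, size_t len, uint32_t capacity)
{
    struct sample_tables t = { capacity, calloc(capacity, sizeof(uint32_t)),
                               calloc(capacity, 1) };
    int rc = (kind == 't') ? stts_fill_checked(atom, len, &t)
                           : stss_fill_checked(atom, len, &t);
    free(t.delta); free(t.is_sync);
    return rc;
}

/* Constructed atom payloads (version/flags = 0); a 4-sample table is assumed. */
static const uint8_t STTS_BENIGN[] = { 0,0,0,0, 0,0,0,1,
    0,0,0,4, 0,0,4,0 };                       /* 4 samples x 1024 ticks */
static const uint8_t STTS_EVIL[]   = { 0,0,0,0, 0,0,0,2,
    0,0,0,3, 0,0,4,0,                         /* 3 samples fit the table */
    0,0x10,0,0, 0,0,4,0 };                    /* +1,048,576 samples do not */
static const uint8_t STSS_BENIGN[] = { 0,0,0,0, 0,0,0,2, 0,0,0,1, 0,0,0,3 };
static const uint8_t STSS_EVIL[]   = { 0,0,0,0, 0,0,0,1, 0xFF,0xFF,0xFF,0xFF };

int main(void)
{
    printf("stts unchecked loop counter: benign=%u evil=%u (table holds 4)\n",
           stts_loop_counter_unchecked(STTS_BENIGN, sizeof STTS_BENIGN),
           stts_loop_counter_unchecked(STTS_EVIL, sizeof STTS_EVIL));
    printf("stts checked: benign=%d evil=%d\n",
           parse_checked('t', STTS_BENIGN, sizeof STTS_BENIGN, 4),
           parse_checked('t', STTS_EVIL, sizeof STTS_EVIL, 4));
    printf("stss signed compare accepts 0xFFFFFFFF: %d\n",
           stss_entry_accepted_signed(0xFFFFFFFFu, 4));
    printf("stss checked: benign=%d evil=%d\n",
           parse_checked('s', STSS_BENIGN, sizeof STSS_BENIGN, 4),
           parse_checked('s', STSS_EVIL, sizeof STSS_EVIL, 4));
    return 0;
}
```

Two details carry the lesson: the stts check compares each entry's count against the remaining room (capacity - idx) rather than against capacity, so the running total cannot wrap past the end, and the stss check works in unsigned arithmetic on the 1-based sample number so no bit pattern reads as a negative index.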


CfP for 4th OWASP Day Germany 2011 now open

2011-08-10 Thread Tobias Glemser
Hi list,

we're currently organizing the 4th annual OWASP Day Germany 2011. The CfP
is open (English speakers are welcome!); further details are provided
here:
https://www.owasp.org/index.php/German_OWASP_Day_2011#tab=English_Version

We would be happy to have you with us in the lovely city of Munich this
November. 

Regards

Tobias Glemser
OWASP German Chapter

P.S.: Early Bird for registration also started! Be sure to get your ticket
right now and check: http://www.german-owasp-day.owasp.de



Multiple XSS in eShop for Wordpress

2011-08-10 Thread advisory
Vulnerability ID: HTB23034
Reference: 
http://www.htbridge.ch/advisory/multiple_xss_in_eshop_for_wordpress.html
Product: eShop for Wordpress
Vendor: Rich Pedley ( http://wordpress.org/extend/plugins/eshop/ ) 
Vulnerable Version: 6.2.8 and probably prior
Tested on: 6.2.8
Vendor Notification: 20 July 2011 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium 
Credit: High-Tech Bridge SA Security Research Lab ( 
http://www.htbridge.ch/advisory/ ) 

Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple 
vulnerabilities in eShop for Wordpress, which can be exploited to perform 
cross-site scripting attacks against a logged-in WordPress administrator.

1) Input passed via the eshoptemplate GET parameter to /wp-admin/admin.php 
(when page is set to eshop-templates.php) is not properly sanitised before 
being returned to the user.
This can be exploited to execute arbitrary HTML and script code in an 
administrator's browser session in the context of the affected website.

The following PoC code is available:

http://[host]/wp-admin/admin.php?page=eshop-templates.php&eshoptemplate=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

2) Input passed via the action GET parameter to /wp-admin/admin.php (when 
page is set to eshop-orders.php) is not properly sanitised before being 
returned to the user.
This can be exploited to execute arbitrary HTML and script code in an 
administrator's browser session in the context of the affected website.

The following PoC code is available:

http://[host]/wp-admin/admin.php?page=eshop-orders.php&view=1&action=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

3) Input passed via the viewemail GET parameter to /wp-admin/admin.php (when 
page is set to eshop-orders.php) is not properly sanitised before being 
returned to the user.
This can be exploited to execute arbitrary HTML and script code in an 
administrator's browser session in the context of the affected website.

The following PoC code is available:

http://[host]/wp-admin/admin.php?page=eshop-orders.php&viewemail=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
 
Solution: Upgrade to the most recent version



[security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code

2011-08-10 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02937744
Version: 1

HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution 
of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2011-08-09
Last Updated: 2011-08-09

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP webOS Contacts 
Application. This vulnerability could be exploited to execute arbitrary HTML or 
JavaScript.

References: CVE-2011-2408

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP webOS 3.0.0

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference  Base Vector Base Score
CVE-2011-2408(AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

Note: This is a different vulnerability than CVE-2010-4109.

RESOLUTION

The vulnerability can be resolved by updating affected devices to HP webOS 
version 3.0.2 or subsequent. This update will be provided automatically from HP.

HISTORY
Version:1 (rev.1) - 9 August 2011 Initial Release

Third Party Security Patches: Third party security patches that are to be 
installed on systems running HP software products should be applied in 
accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported 
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin 
alerts via Email: 
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Software Product Category: The Software Product Category is represented in the 
title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors 
or omissions contained herein. The information provided is provided as is 
without warranty of any kind. To the extent permitted by law, neither HP nor its 
affiliates, subcontractors or suppliers will be liable for incidental, special 
or consequential damages including downtime cost; lost profits; damages relating 
to the procurement of substitute products or services; or damages for loss of 
data, or software restoration. The information in this document is subject to 
change without notice. Hewlett-Packard Company and the names of Hewlett-Packard 
products referenced herein are trademarks of Hewlett-Packard Company in the 
United States and other countries. Other product and company names mentioned 
herein may be trademarks of their respective owners.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk5BMj8ACgkQ4B86/C0qfVnJWwCfe7MwjcGNvlKun5xNhE5Zyxyt
WRYAoN3fnn4QCWih7gSk/E+rsxesCPpx
=p8FE
-END PGP SIGNATURE-


[security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code

2011-08-10 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02945437
Version: 1

HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution 
of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2011-08-09
Last Updated: 2011-08-09

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP webOS Calendar 
Application. This vulnerability could be exploited to execute arbitrary HTML or 
JavaScript.

References: CVE-2011-2409

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP webOS 3.0.0

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference  Base Vector Base Score
CVE-2011-2409(AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks 'hankei6km' for reporting this vulnerability 
to webos-secur...@palm.com.

RESOLUTION

The vulnerability can be resolved by updating affected devices to HP webOS 
version 3.0.2 or subsequent. This update will be provided automatically from HP.

HISTORY
Version:1 (rev.1) - 9 August 2011 Initial Release

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk5BNCEACgkQ4B86/C0qfVlz7ACeJTCfuZofvaBIcS65zKUd3D37
CswAn0QNc/hkVJXlfPefNOmNC99A3ilL
=3d/g
-END PGP SIGNATURE-


[oCERT-2011-002] libavcodec insufficient boundary check

2011-08-10 Thread Daniele Bianco

#2011-002 libavcodec insufficient boundary check

Description:

The libavcodec library, an open source video encoding/decoding library that is
part of the FFmpeg and Libav projects, performs an insufficient boundary check
on a buffer index. The missing check can result in arbitrary reads/writes
of data outside the destination buffer's boundaries.

The vulnerability affects the Chinese AVS video (CAVS) file format decoder;
specially crafted CAVS files may lead to arbitrary code execution during
decoding.

Affected version:

FFmpeg <= 0.7.2, <= 0.8.1

Libav <= 0.7.1

The following packages were identified as affected as they statically
include libavcodec in their own packages.

MPlayer <= 1.0_rc4

Fixed version:

FFmpeg >= 0.7.3, >= 0.8.2

Libav, N/A

MPlayer, N/A

Credit: vulnerability report received from Emmanouel Kellinis.

CVE: N/A

Timeline:
2011-07-14: vulnerability report received
2011-07-15: contacted ffmpeg maintainers
2011-07-15: ffmpeg maintainer confirms the issue, preliminary patch is
provided
2011-07-21: patch approved by reporter
2011-07-23: contacted affected vendors
2011-08-10: advisory release

Permalink:
http://www.ocert.org/advisories/ocert-2011-002.html

--
  Daniele Bianco  Open Source Computer Security Incident Response Team
  dan...@ocert.org  http://www.ocert.org

  GPG Key 0x9544A497
  GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D  4AC5 AE75 822E 9544 A497


CA20110809-01: Security Notice for CA ARCserve D2D

2011-08-10 Thread ken


CA20110809-01: Security Notice for CA ARCserve D2D


Issued:  August 9, 2011


CA Technologies support is alerting customers to a security risk
associated with CA ARCserve D2D. A vulnerability exists that can
allow a remote attacker to access credentials and execute arbitrary
commands.  CA Technologies has issued a patch to address the
vulnerability.

The vulnerability, CVE-2011-3011, is due to improper session handling.
A remote attacker can access credentials and execute arbitrary
commands.


Risk Rating

High


Platform

Windows


Affected Products

CA ARCserve D2D r15


How to determine if the installation is affected

Search under TOMCAT directory for BaseServiceImpl.class, and if the
date is earlier than August 03, 2011, then you should apply fix
RO33517.


Solution

CA has issued a patch to address the vulnerability.

CA ARCserve D2D r15:
RO33517


Workaround

None


References

CVE-2011-3011 - CA ARCserve D2D session handling vulnerability


Acknowledgement

None


Change History

Version 1.0: Initial Release


If additional information is required, please contact CA Technologies
Support at support.ca.com

If you discover a vulnerability in a CA Technologies product, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782


Note: Original security notice can be found here (URL may wrap):
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={7D3ACC0F-6C01-4BE2-B5C0-C430CEB45BE6}


Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22 @ ca.com